OpenSSL Security Advisory
Tomas Mraz
tomas at openssl.org
Thu Mar 23 13:56:25 UTC 2023
On Thu, 2023-03-23 at 09:45 -0400, rsbecker at nexbridge.com wrote:
> On Thursday, March 23, 2023 3:40 AM, Tomas Mraz wrote:
> > To: rsbecker at nexbridge.com; openssl-users
> > <openssl-users at openssl.org>
> > On Wed, 2023-03-22 at 15:12 -0400, rsbecker at nexbridge.com wrote:
> > > On Wednesday, March 22, 2023 11:50 AM Tomas Mraz wrote:
> > > <snip>
> > > > OpenSSL 3.1 users should upgrade to 3.1.1.
> > > > OpenSSL 3.0 users should upgrade to 3.0.9.
> > > > OpenSSL 1.1.1 users should upgrade to 1.1.1u.
> > > > OpenSSL 1.0.2 users should upgrade to 1.0.2zh (premium support
> > > > customers
> > > only).
> > >
> > > Is there an ETA for 3.1.1, 3.0.9, 1.1.1u in the github repo?
> >
> > There is no ETA for the next releases. Unless there is any issue of
> > severity higher
> > than Low we usually do a release in 3 months after the previous
> > patch release.
>
> Thanks. I was confused by the phrasing of the above, regarding
> upgrading to the new releases that are not in the repo.
There is the `Once they are released:` paragraph just before these
sentences. Perhaps that is too confusing and we should simply drop
these sentences from the Low advisories?
--
Tomáš Mráz, OpenSSL
More information about the openssl-users
mailing list