-
-
Notifications
You must be signed in to change notification settings - Fork 34.6k
Update to OpenSSL 3.0.13 (& 1.1.1w) in our binary release build process. #109991
Copy link
Copy link
Closed
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.12only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.8 (EOL)end of lifeend of life3.9 (EOL)end of lifeend of lifetype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or errortype-securityA security issueA security issue
Description
Metadata
Metadata
Assignees
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.12only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.8 (EOL)end of lifeend of life3.9 (EOL)end of lifeend of lifetype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or errortype-securityA security issueA security issue
Projects
Status
Done
Bug report
Bug description:
We need to upgrade the OpenSSL versions we build & bundle into our binary releases before the next release. More security fixes as usual. In particular https://nvd.nist.gov/vuln/detail/CVE-2023-4807 applies to our 64-bit Windows binaries.
Pick the latest 3.0.x and 1.1.1 releases at the time the work is done. 3.0.11 today, and if we build binaries for older shipping-with-1.1 branches, 1.1.1w. We should update the binary build tooling in older release branches for those to at least reference and pull in 1.1.1w even if we aren't shipping new binary releases on those ourselves.
CPython versions tested on:
3.8, 3.9, 3.10, 3.11, 3.12
Operating systems tested on:
macOS, Windows
Linked PRs