openssl security release 1.1.1g - vulnerability HIGH #32846
Comments
|
@hassaanp offered to do the openssl update. |
|
Next TSC meeting will be right after the openssl release, Node.js impact can be discussed then. public announcement: nodejs/nodejs.org#3113 |
|
@nodejs/releasers Calling for volunteer/volunteers! Its not known if sec releases will be required yet, but if they are, and need to be expedited, we'll need someone to do the releases. Affected release lines will be all those currently supported: 10,12,13,14 |
|
I can do 13 and/or 12 |
|
https://www.openssl.org/news/secadv/20200421.txt is the sec issue addressed |
|
issue does not affect Node.js: https://mta.openssl.org/pipermail/openssl-users/2020-April/012269.html |
|
It does not affect Node.js and therefore I removed it from the tsc agenda. Seems like there is no action item in general and therefore I close this. |
Until the OpenSSL release occurs, we won't know if the issue affects Node.js or not.
https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1g.
This release will be made available on Tuesday 21st April 2020 between
1300-1700 UTC.
OpenSSL 1.1.g is a security-fix release. The highest severity issue
fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high
Yours
The OpenSSL Project Team
The text was updated successfully, but these errors were encountered: