Bump openssl to patch vulnerabilities - Githubissues

Azure / iot-identity-service

Source of the Azure IoT Identity Service and related services.

MIT License

37 stars 46 forks source link

Bump openssl to patch vulnerabilities #525

Closed damonbarry closed 1 year ago

damonbarry commented 1 year ago

This change updates openssl to 0.10.48 and openssl-sys to 0.9.83 to fix vulnerabilities.

arsing commented 1 year ago

Just based on a casual glance at what those fixes are: @gordonwang0 Since we do some X509Extension stuff ourselves, can you check if there's something we need to worry about? Eg https://github.com/sfackler/rust-openssl/pull/1854/commits/482575bff434f58b80ffea34a9610d0ff265ac1f#diff-3105f7585b1063b001e5ff3f482774ddf31242e7390eb0f9b61fbd145754f223L520 vs https://github.com/sfackler/rust-openssl/pull/1854/commits/482575bff434f58b80ffea34a9610d0ff265ac1f#diff-3105f7585b1063b001e5ff3f482774ddf31242e7390eb0f9b61fbd145754f223R562