Open RoelofRoelofsen opened 11 months ago
This is still not fixed in newest versions. 7.52.1 nor 7.53.0? Is it even being considered to be fixed?
Also not fixed in 7.54.0. Defender alerts on: 3.0.13.0: c:\program files\datadog\datadog agent\embedded3\dlls\libcrypto-3.dll c:\program files\datadog\datadog agent\embedded3\dlls\libssl-3.dll
3.0.8.0: c:\program files\datadog\datadog agent\embedded3\lib\site-packages\confluent_kafka.libs\libcrypto-3-x64-635e87f2c9173c8128924a94337627b3.dll c:\program files\datadog\datadog agent\embedded3\lib\site-packages\confluent_kafka.libs\libssl-3-x64-a0018292260ae8557aa3cd7db7d50307.dll
Release notes for 7.56.0 say: Security Notes:
Updated all agents to 7.56.0, but that still installs openssl 3.0.13 dlls in c:\program files\datadog\datadog agent\embedded3\dlls
In the release notes (security notes) of version 7.50.0 I found updated OpenSSL from 3.0.11 to 3.0.12.
MIcrosoft Defender still found OpenSSL dll's with version 3.0.8 with known vulnerabilties in the DataDog Agent application folders (C:\Program Files\Datadog\Datadog Agent\embedded3\Lib\site-packages\confluent_kafka.libs).