openssl outdated

[apollo13]

I hope I am reporting against the correct repository and that my flatpack runtimes are not outdated:

strings ./org.freedesktop.Platform/x86_64/1.6/cbe043497b11df396b202dd554843c5ac21d3eed72ef1d7d36f8b983eb4a626c/files/lib/libssl.so.1.0.2| grep "^OpenSSL 1"
OpenSSL 1.0.2j  26 Sep 2016

seems to suggest an OpenSSL version of 1.0.2j, while 1.0.2m is already available. Would it be possible to update that given that pretty much every openssl release fixes security issues?

[alexlarsson]

Absolutely not. OpenSSL has no ABI stability guarantees at all, so doing this will break all existing flatpaks. We do import security fixes from yocto though, and I see that there has been some, so we should probably rebase. No outstanding openssl ones though. The last ones were the CVE-2017-7526 fixes.