openresty / openresty-packaging

Official OpenResty packaging source and scripts for various Linux distributions and other systems
https://openresty.org/en/linux-packages.html

openssl 1.1.1g released with a fix for a DoS #40

Open simonvik opened 4 years ago

simonvik commented 4 years ago

OpenSSL 1.1.1g got released 2020-04-21, fixing CVE-2020-1967: https://www.openssl.org/news/secadv/20200421.txt

agentzh commented 4 years ago

Yes, we were aware of that. Fortunately OpenSSL 1.1.1 packages are currently not used by any pre-built openresty binary packages we are shipping.

Upgrading to openssl 1.1.1g requires some more work on our side, since we saw some compatibility issues the last time we ran our EC2 test cluster. @thibaultcha Will you keep an eye on this? Thanks!

neomantra commented 4 years ago

@simonvik If you want to experiment with this, the OpenResty Docker image openresty/openresty:1.15.8.3-2-alpine is built-from-source using OpenSSL 1.1.1g.

simonvik commented 4 years ago

We have forked most of your Debian builds (to get all dependencies correct) and I'm running 1.1.1g in production since yesterday, and I have so far no problems, but we only use the Lua stream module.