Need to update openSSL on Tuesday November 1, 2022: Serious security flaw announced.

[VeteranCoder]

To make issues more manageable, I would appreciate it if you fill out the following details as applicable:

General information

Device Independent, serious security flaw found in OpenSSL 3.x

Description of the issue

OpenSSL team announced a serious security flaw for which a patch is coming on 11/1/2022. They announced everyone must update ASAP due to the seriousness of the flaw. See OpenSSL warns of critical security vulnerability with upcoming patch.

[schwabe]

Please do not assume that I am not aware of this issue. That is rude.

[VeteranCoder]

I apologize for offending. As a professional developer myself, I always figure that I should raise such issues if it is not already in the issue list. I use your product, btw. Is there an announcement I should have seen? Perhaps a public-facing backlog? A document for future release targets?

While I do not take offense, I would like to point out that it could be considered rude to rebuke someone who was only seeking to help, even if it only creates a check-list item to mark as done when implemented and released.

[schwabe]

Give people some time. You are flagging an issue that is not even possible to fix yet. If someone does not fix it on their own after 2-3 days, then raise an issue. But prematurely filing an issue on a project, which is not even a company owned but a spare time project, feels rude to me.