librdkafka icon indicating copy to clipboard operation
librdkafka copied to clipboard

Published 20 hours ago verified publisher icon confluentinc

Upgraded OpenSSL to 3.0.8

Open migarc1 opened this issue 2 years ago • 4 comments

migarc1 avatar May 31 '23 18:05 migarc1

Upgrade to 3.1.1 you mean? Fix your git message and pull request title.

ThomasDevoogdt avatar Jul 27 '23 04:07 ThomasDevoogdt

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

cla-assistant[bot] avatar Aug 21 '23 14:08 cla-assistant[bot]

Hello @migarc1 👋 Reaching out here to check if there is a planned timeline for upgrading openssl from v3.0.8 to the latest in librdkafka.

I am particularly looking to understand when librdkafka would be free of the below CVEs that are currently exposed in openssl v3.0.8

  • https://nvd.nist.gov/vuln/detail/CVE-2023-3817
  • https://nvd.nist.gov/vuln/detail/CVE-2023-0464
  • https://nvd.nist.gov/vuln/detail/CVE-2023-0465
  • https://nvd.nist.gov/vuln/detail/CVE-2023-0466
  • https://nvd.nist.gov/vuln/detail/CVE-2023-1255
  • https://nvd.nist.gov/vuln/detail/CVE-2023-2650
  • https://nvd.nist.gov/vuln/detail/CVE-2023-2975
  • https://nvd.nist.gov/vuln/detail/CVE-2023-4807
  • https://nvd.nist.gov/vuln/detail/CVE-2023-5363
  • https://nvd.nist.gov/vuln/detail/CVE-2023-5678

vivek-datadog avatar Dec 08 '23 12:12 vivek-datadog

Is there any reason why this was not merged in almost a year? Does Confluent have SLAs for fixing High vulnerabilities?

trapeznikov avatar Mar 26 '24 13:03 trapeznikov

Closed by #4215

emasab avatar Jul 12 '24 10:07 emasab