Update openssl to the latest security update

Open pshipton opened this issue 6 years ago • 10 comments

openssl should be updated to the latest version for each OpenJ9 release.

Don't close this issue, move it to the next milestone after completing the update.

pshipton avatar Oct 29 '19 19:10 pshipton

There is a 1.1.1e update which we're using for the 0.20.0 release.

pshipton avatar Mar 25 '20 15:03 pshipton

There is a 1.1.1f bug fix update. It's in progress to update OpenJ9 head stream to use it, but I don't think the 0.20.0 release should be updated since there aren't any known problems we need bug fixes for, and updating carries the risk of breaking something. Adopt actually controls which version is used in a build.

@ashbm5 @DanHeidinga

pshipton avatar Apr 02 '20 19:04 pshipton

https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html

The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.1.1g.

This release will be made available on Tuesday 21st April 2020 between 1300-1700 UTC.

OpenSSL 1.1.1g is a security-fix release. The highest severity issue fixed in this release is HIGH: https://www.openssl.org/policies/secpolicy.html#high

@ashbm5 we'll be asking you about the impact of the security fixes when this is released next week.

pshipton avatar Apr 14 '20 15:04 pshipton

1.1.1i is released with security fixes. Created issues to update. https://github.com/eclipse/openj9/issues/11407

pshipton avatar Dec 11 '20 04:12 pshipton

The tag 1.1.1j appeared today: created #11980.

keithc-ca avatar Feb 16 '21 16:02 keithc-ca

The tag OpenSSL_1_1_1k appeared today: created #12291.

keithc-ca avatar Mar 25 '21 14:03 keithc-ca

The tag OpenSSL_1_1_1l appeared today: created #13373.

keithc-ca avatar Aug 24 '21 15:08 keithc-ca

Version 1.1.1m was released on December 14, 2021: created #14208.

keithc-ca avatar Jan 04 '22 16:01 keithc-ca

The tag for 1.1.1n appeared today: I'll open a PR to update accordingly.

keithc-ca avatar Mar 15 '22 18:03 keithc-ca

Version 1.1.1o appeared today.

keithc-ca avatar May 03 '22 14:05 keithc-ca

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 3.0.8, 1.1.1t and 1.0.2zg. Note that OpenSSL 1.0.2 is End Of Life and so 1.0.2zg will be available to premium support customers only. These releases will be made available on Tuesday 7th February 2023 between 1300-1700 UTC. These are security-fix releases. The highest severity issue fixed in each of these three releases is High.

AdamBrousseau avatar Feb 03 '23 15:02 AdamBrousseau

Version 1.1.1t is now available. I'll put together the necessary pull requests.

keithc-ca avatar Feb 07 '23 17:02 keithc-ca

  • https://github.com/eclipse-openj9/openj9/pull/16675
  • https://github.com/adoptium/temurin-build/pull/3242

keithc-ca avatar Feb 07 '23 17:02 keithc-ca

Update 1.1.1t with the latest security fixes.

  • https://www.openssl.org/news/secadv/20230322.txt
  • https://www.openssl.org/news/secadv/20230328.txt
  • https://github.com/eclipse-openj9/openj9/pull/17161
  • https://github.com/eclipse-openj9/openj9/pull/17169
  • https://github.com/eclipse-openj9/openj9/pull/17170
  • https://github.com/ibmruntimes/temurin-build/pull/78

pshipton avatar Apr 12 '23 20:04 pshipton