OpenSSL released version 1.0.1b, but we're not

Started by Gregg, April 29, 2012, 08:57:59 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Gregg

April 29, 2012, 08:57:59 PM
OpenSSL released version 1.0.1b on Thursday, April 26, 2012. There are no security related fixes in this version and of the 4 changes, only one affecting Apache on Windows, and then only if Apache (or more specifically mod_ssl) was compiled with OpenSSL 1.0.0.

Since we always include a recompiled mod_ssl and abs (apr_crypto_openssl with Apache 2.4) with our updates, the point is moot and our 1.0.1a updates are not affected by the bug. Since there are no security implications being fixed here, there is no need for you or us to upgrade.

As always, any new Apache release will include the latest OpenSSL with it. If there is no newer OpenSSL version by then, OpenSSL 1.0.1b it will be.
Print
Go Up Pages1
User actions