Hotfix-Release for openssl bug?

dsteinkopf · April 5, 2021, 12:02pm

Hi there,
isn’t it a good idea to release some kind of hotfix release 2.3.4 or so - just to upgrade to openssl1.1.1k? - Or isn’t this necessary?
Thank you very much for everything
Dirk

P.S. the main branch already is upgraded: chore(deps) bump openssl from 1.1.1j to 1.1.1k by bungle · Pull Request #6966 · Kong/kong · GitHub

datong.sun · April 7, 2021, 4:05pm

Hello,

Kong 2.4 which will be released soon will contain the latest OpenSSL bump as a routine upgrade. However, we do not believe Kong 2.3 are affected by either of the CVEs fixed in OpenSSL 1.1.1k and therefore a new release is not needed.

Topic		Replies	Views
OpenSSL Vulnerability	1	482	March 8, 2021
Kong 1.0.4 released, including security patches Announcements	0	903	August 19, 2019
Kong 1.1.3 released, including security patches Announcements	0	805	August 16, 2019
Kong 1.2.2 released, including security patches Announcements	0	1018	August 15, 2019
Kong 2.3.1 available! Announcements	0	713	January 26, 2021

Hotfix-Release for openssl bug?

Related Topics