Hotfix-Release for openssl bug?

Hi there,
isn’t it a good idea to release some kind of hotfix release 2.3.4 or so - just to upgrade to openssl1.1.1k? - Or isn’t this necessary?
Thank you very much for everything
Dirk

P.S. the main branch already is upgraded: chore(deps) bump openssl from 1.1.1j to 1.1.1k by bungle · Pull Request #6966 · Kong/kong · GitHub

Hello,

Kong 2.4 which will be released soon will contain the latest OpenSSL bump as a routine upgrade. However, we do not believe Kong 2.3 are affected by either of the CVEs fixed in OpenSSL 1.1.1k and therefore a new release is not needed.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ