Archived

This forum has been archived. Please start a new discussion on GitHub.

Rebuild for new OpenSSL vulnerability

rleigh
rleigh
in Help Center
With regard to the latest OpenSSL vulnerabilities, fixed with OpenSSL 1.0.1h, will the ThirdPartySources be updated and the ZeroC binary packages be updated to resolve the currently present security bugs? Is there an ETA for this?

Does ZeroC proactively track security issues in its dependent packages?


Kind regards,
Roger Leigh

Comments

  • xdm
    xdm La Coruña, Spain
    We will shortly updates the Windows installers and the third party source packages, after we test there isn't any compatibility issues. For Linux and OS X where we use the system OpenSSL libraries you will need to wait until the distributions provide the updates.
  • xdm
    xdm La Coruña, Spain
    Hi Roger,

    Ice distributions that include the latest openssl-1.0.1h are available in our download page, see the announcement for details.
  • rleigh
    rleigh
    Re: Rebuild for new OpenSSL vulnerability

    Sorry for not replying sooner, but I just wanted to say thank you for making the rebuilt third party sources available so quickly. We were able to rebuild all our dependent packages shortly afterward.


    Thanks again,
    Roger

Categories