OpenSSL Security Advisory [15th January 2024] Excessive time spent checking invalid RSA public keys (CVE-2023-6237) https://mta.openssl.org/pipermail/openssl-announce/2024-January/000289.html
New OpenSSL Releases By Tomas Mraz - Tue Jan 23 16:26:59 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-January/000291.html Note by me: With all due respect, I do prefer the announcements made by Matt Caswell: OpenSSL Security Advisory By Matt Caswell - Thu Jan 25 18:43:35 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-January/000292.html
Upcoming Webinar: Writing Your First OpenSSL Application Tue Mar 19 07:46:07 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-March/000296.html Read there more.
OpenSSL version 3.3.0-alpha1 published Wed Mar 20 13:35:23 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-March/000297.html Read there more.
OpenSSL version 3.3.0-beta1 published Fri Mar 29 14:58:40 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-March/000298.html Read there more.
OpenSSL Security Advisory Mon Apr 8 13:59:11 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-April/000299.html Read there more.
OpenSSL version 3.3.0 published Tue Apr 9 12:56:00 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-April/000300.html Read there more!
Upcoming Webinar: Writing a TLS Client Tue Apr 16 05:37:52 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-April/000301.html Read there more.
IMPORTANT Releases Distribution Changes by Dmitry Misharov - DevOps Engineer - Thu May 2 07:31:46 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-May/000302.html ========== Blogpost Releases Distribution Changes https://openssl.org/blog/blog/2024/04/30/releases-distribution-changes/ Posted by Dmitry Misharov •Apr 30th, 2024 4:00 pm === Full quoting === I’d like to give you a heads-up about some changes we’re making at OpenSSL. We’re simplifying how you can get our software, and that means we’re phasing out some older methods that don’t quite fit with the way the web works today. We’re no longer using our old ftp, rsync, and git links for distributing OpenSSL. These were great in their day, but it’s time to move on to something better and safer. ftp://ftp.openssl.org and rsync://rsync.openssl.org are not available anymore. As of June 1, 2024, we’re also going to shut down https://ftp.openssl.org and git://git.openssl.org/openssl.git mirrors. GitHub is becoming the main distributor of the OpenSSL releases. So here is the transition plan. The steps will be spaced in 2-week intervals to gather and respond to any eventual feedback: •Starting from the next patch release the tarballs will be uploaded only to GitHub, the download link at openssl.org/source will redirect to the corresponding release at github.com. •One frequently downloaded old release at openssl.org/source will redirect to the corresponding release at github.com. •All remaining frequently downloaded releases at openssl.org/source will redirect to the corresponding releases at github.com. Why change things? Well, here are a couple of straightforward reasons: •Safety first: The web’s come a long way in terms of security, and sticking to HTTPS helps keep everyone safer. •Keeping it simple: Fewer methods of distribution mean less clutter and confusion, letting us focus on making OpenSSL even better. •Watching the budget: Streamlining things cuts costs, which means we can spend more on improving OpenSSL and supporting you all. That being said, the main source of OpenSSL releases will be OpenSSL GitHub. OpenSSL Source will remain only for backward compatibility and will redirect to GitHub. Thanks so much for sticking with us. These updates will help us keep improving and ensure you have the best and safest experience using OpenSSL. Cheers! === end of quoting ===
OpenSSL Security Advisory Excessive time spent checking DSA keys and parameters (CVE-2024-4603) Thu May 16 16:03:51 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-May/000303.html
Upcoming Webinar: Getting Started with QUIC and OpenSSL Tue May 21 17:45:28 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-May/000304.html Read there more.
Upcoming New OpenSSL Releases - 4th June 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-May/000305.html
As previously announced here: https://www.wilderssecurity.com/threads/more-openssl-security-fixes.366904/page-6#post-3197156 Several updates - 04 June 2024 OpenSSL version 3.2.2 published https://mta.openssl.org/pipermail/openssl-announce/2024-June/000307.html OpenSSL version 3.3.1 published https://mta.openssl.org/pipermail/openssl-announce/2024-June/000308.html OpenSSL version 3.0.14 published https://mta.openssl.org/pipermail/openssl-announce/2024-June/000309.html OpenSSL version 3.1.6 published https://mta.openssl.org/pipermail/openssl-announce/2024-June/000310.html Read more at those links!
OpenSSL Security Advisory - Thu Jun 27 10:24:27 UTC 2024 SSL_select_next_proto buffer overread (CVE-2024-5535) https://mta.openssl.org/pipermail/openssl-announce/2024-June/000311.html Read there more.
Join Our Exclusive Webinar on Performance Tuning and Fetching with OpenSSL Kajal Sapkota Wed Jul 24 04:33:15 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-July/000312.html Read there more!
OpenSSL New Governance Structure and Two New Projects Kajal Sapkota Wed Jul 24 13:05:55 UTC 2024 https://mta.openssl.org/pipermail/openssl-announce/2024-July/000313.html See also the blog: New Governance Structure and New Projects under the Mission Jul 24, 2024 https://openssl-library.org/post/2024-07-24-openssl-new-governance-structure/ Read there more !! Too much to quote.
I noticed a little strange thing at https://mta.openssl.org/pipermail/openssl-announce/ The archive for July 2024 is suddenly nomore there. It was about: 1. Webinar on Performance Tuning and Fetching with OpenSSL See my reply #141 2. OpenSSL New Governance Structure and Two New Projects See my reply #142 At least that one is still to find here: https://openssl-library.org/post/2024-07-24-openssl-new-governance-structure/ I don't know the reason(s). Let's wait what will happen with the next announcements (whenever that will happen).
OpenSSL Security Advisory [3rd September 2024] Possible denial of service in X.509 name checks (CVE-2024-6119) Severity: Moderate https://openssl-library.org/news/secadv/20240903.txt Read there more! ========== Newslog https://openssl-library.org/news/newslog/index.html You can read there more. Also about a Alpha 1 of OpenSSL 3.4 ========== Notes by me As I previously posted in reply # 143 : The last post in The openssl-announce Archives here: https://mta.openssl.org/pipermail/openssl-announce/ was from June 2024 (and some later postings there were later removed). I don't see there the announcements from 03 September 2024 and 05 September 2024 mentioned. I don't know whether that means that further announcements will not be mentioned there any more. But I don't like it if that is the case...