Important OpenSSL Update Announced for January 28
[bold]A new OpenSSL release has been announced for January 28, and it’s going to cover a couple of problems, one of which it’s going to be very important.[/bold]
Until the Heartbleed vulnerability hit the entire Internet, the development of OpenSSL was sparse and in the hand of volunteers. After that problem, companies realized just how important is to have projects like OpenSSL properly funded and maintained. The project is now coordinated by The Linux Foundation, which gathers funds from its members and makes sure that they put to good use.
“The OpenSSL project team would like to announce the forthcoming release of
OpenSSL versions 1.0.2f, 1.0.1r. These releases will be made available on 28th January between approx. 1pm and 5pm (UTC). They will fix two security defects, one of “high” severity affecting 1.0.2 releases, and one “low” severity affecting all releases,” developer Mark J Cox said on the official mailing list.
Mark also said that support for 1.0.0 and 0.9.8 releases has ended on December 31, 2015, which means that upgrading to newer versions is now really important. The current version, 1.0.1, will be supported until December 31, 2016.
It’s interesting to see that the announcement for the updates comes with so much advance warning, but it’s probably done to make sure that people know that’s coming and have time to make the changes.