Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

openssl security release 1.1.1g - vulnerability HIGH #32846

Closed
sam-github opened this issue Apr 14, 2020 · 7 comments
Closed

openssl security release 1.1.1g - vulnerability HIGH #32846

sam-github opened this issue Apr 14, 2020 · 7 comments

Comments

@sam-github
Copy link
Contributor

@sam-github sam-github commented Apr 14, 2020

Until the OpenSSL release occurs, we won't know if the issue affects Node.js or not.


https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html

The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1g.

This release will be made available on Tuesday 21st April 2020 between
1300-1700 UTC.

OpenSSL 1.1.g is a security-fix release. The highest severity issue
fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high

Yours

The OpenSSL Project Team

@sam-github
Copy link
Contributor Author

@sam-github sam-github commented Apr 14, 2020

@hassaanp offered to do the openssl update.

@sam-github
Copy link
Contributor Author

@sam-github sam-github commented Apr 17, 2020

Next TSC meeting will be right after the openssl release, Node.js impact can be discussed then.

public announcement: nodejs/nodejs.org#3113

sam-github added a commit to nodejs/nodejs.org that referenced this issue Apr 17, 2020
sam-github added a commit to nodejs/nodejs.org that referenced this issue Apr 19, 2020
sam-github added a commit to nodejs/nodejs.org that referenced this issue Apr 19, 2020
@sam-github
Copy link
Contributor Author

@sam-github sam-github commented Apr 20, 2020

@nodejs/releasers Calling for volunteer/volunteers!

Its not known if sec releases will be required yet, but if they are, and need to be expedited, we'll need someone to do the releases.

Affected release lines will be all those currently supported: 10,12,13,14

@targos
Copy link
Member

@targos targos commented Apr 20, 2020

I can do 13 and/or 12

@sam-github
Copy link
Contributor Author

@sam-github sam-github commented Apr 21, 2020

@sam-github
Copy link
Contributor Author

@sam-github sam-github commented Apr 21, 2020

@BridgeAR
Copy link
Member

@BridgeAR BridgeAR commented Apr 23, 2020

It does not affect Node.js and therefore I removed it from the tsc agenda.

Seems like there is no action item in general and therefore I close this.

@BridgeAR BridgeAR closed this Apr 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

3 participants