Releases: openssl/openssl
OpenSSL 3.4.1
OpenSSL 3.4.1 is a security patch release. The most severe CVE fixed in this release is High.
This release incorporates the following bug fixes and mitigations:
-
Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)
-
Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
OpenSSL 3.3.3
OpenSSL 3.3.3 is a security patch release. The most severe CVE fixed in this release is High.
This release incorporates the following bug fixes and mitigations:
-
Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)
-
Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
-
Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)
OpenSSL 3.2.4
OpenSSL 3.2.4 is a security patch release. The most severe CVE fixed in this release is High.
This release incorporates the following bug fixes and mitigations:
-
Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)
-
Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
-
Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)
OpenSSL 3.1.8
OpenSSL 3.1.8 is a security patch release. The most severe CVE fixed in this release is Low.
This release incorporates the following bug fixes and mitigations:
-
Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
-
Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)
OpenSSL 3.0.16
OpenSSL 3.0.16 is a security patch release. The most severe CVE fixed in this release is Low.
This release incorporates the following bug fixes and mitigations:
-
Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
-
Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)
OpenSSL 3.4.0
OpenSSL 3.4.0 has been released. You can find more details about this release in the release notes.
OpenSSL 3.4.0-beta1
Beta 1 of OpenSSL 3.4.0 is now available: please download and test it!
OpenSSL 3.4.0-alpha1
Alpha 1 of OpenSSL 3.4.0 is now available: please download and test it.
OpenSSL 3.3.2
OpenSSL 3.3.2 is now available, including bug and security fixes: please download and upgrade!
OpenSSL 3.2.3
OpenSSL 3.2.3 is now available, including bug and security fixes: please download and upgrade!