Comments (3)
mkitti
commented on July 3, 2024
1
This package, OpenSSL.jl, is currently compatible with OpenSSL v1.1 and OpenSSL v3.0 as of OpenSSL.jl v1.4.0.
We are currently tracking OpenSSL v1.1 and OpenSSL v3.0 upstream in OpenSSL_jll:
https://github.com/JuliaPackaging/Yggdrasil/tree/master/O/OpenSSL
Both v1.1.1 and v3.0 are both LTS versions. OpenSSL v1.1.1 is end of life effective September 11th, 2023. OpenSSL v3.0 will be supported until September 7th, 2026. All Julia dependents are encouraged to upgrade to OpenSSL_jll v3.0 as soon as possible.
https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
OpenSSL v3.1 is supported through March 14th, 2025. Julia security doctrine is such that we should only track LTS versions for security sensitive packages. We need to the avoid a similar situation to when Julia 1.6 LTS adopted a non-LTS mbedTLS 2.24. Thus, I have no intention of introducing OpenSSL v3.1 to Yggdrasil.
To my knowledge OpenSSL v3.0.9 and v1.1.1u have not been released upstream yet. The CVE is of low severity.
from openssl.jl.
quinnj
commented on July 3, 2024
There's no need to match versions of the OpenSSL.jl package (wrapper of the library) and the C library.
On the latest OpenSSL_jll version, we could ping @mkitti and see if he has plans to do the binary build update?
from openssl.jl.
PallHaraldsson
commented on July 3, 2024
There's no need to match versions of the OpenSSL.jl package (wrapper of the library) and the C library.
If/in that case I close the issue. I thought it might still be a good idea to match, and not disallowed by SemVer. It would clearly show people we support 3.0, but people might assume it's a breaking change. If the wrapped library is in fact breaking then we would need to update the number anyway, and then 3.0 best skipping 2.0.
from openssl.jl.
Related Issues (15)
- undefined symbol: EVP_idea_cbc, version OPENSSL_1_1_0 HOT 4
- Performance issue in heavily saturated usage HOT 3
- See if we can remove the use of finalizers HOT 1
- Remove unused code that isn't tested very well in OpenSSL.jl
- Make server-side code work + integrated w/ HTTP
- function Base.write(io::IO, evp_pkey::EvpPKey is broken HOT 1
- Could not load symbol "EVP_md2"
- Docker image creation fails for julia 1.9 HOT 1
- X509 to DER encoding
- Security issue
- tests throw "Unhandled Task ERROR"
- TagBot trigger issue HOT 10
- Loading OpenSSL causing error for ODBC driver HOT 2
- undefined symbol: EVP_idea_cbc, version OPENSSL_1_1_0 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openssl.jl.