Hello, the latest release(1.1.4) of cloudbase-init for windows uses the SSL package version SSL 1.1.1q, which already contains more CVEs. https://www.openssl.org/news/vulnerab... Is it possible to upgrade the package to SSL 3.1 in the new release of cloudbase-init? Or up to the most available version 1.1.1w with vulnerabilities fixed. And please tell me when the next release is planned?
Hello,
We are planning to upgrade the cloudbase-init installer to a bug fix supported version of Python, most likely the latest 3.11.x
Please check the github repo for the installer for updates: https://github.com/cloudbase/cloudbas... .
I will update this issue https://github.com/cloudbase/cloudbas... when a new PR is created for the fix.
UPDATE: https://www.cloudbase.it/downloads/Cl...x64.msi https://www.cloudbase.it/downloads/Cl...x86.msi were built using 3.11.6 Python version.
Thank you,
Adrian
Asked: 2023-10-23 17:34:54 +0200
Seen: 405 times
Last updated: Dec 21 '23
© 2014-2023 Cloudbase Solutions Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
PR opened https://github.com/cloudbase/cloudbase-init-installer/pull/32 to add support for cloudbase-init MSI builds with Python 3.11.6 (current latest version of 3.11).
Hello, PR was merged and nightly build installers were built: https://www.cloudbase.it/downloads/CloudbaseInitSetup_x64.msihttps://www.cloudbase.it/downloads/CloudbaseInitSetup_x86.msi .