New Question
0

SSL CVE vulnerability

asked 2023-10-23 17:34:54 +0300

vgarifullin gravatar image

Hello, the latest release(1.1.4) of cloudbase-init for windows uses the SSL package version SSL 1.1.1q, which already contains more CVEs. https://www.openssl.org/news/vulnerab... Is it possible to upgrade the package to SSL 3.1 in the new release of cloudbase-init? Or up to the most available version 1.1.1w with vulnerabilities fixed. And please tell me when the next release is planned?

edit retag flag offensive close merge delete

Comments

PR opened https://github.com/cloudbase/cloudbase-init-installer/pull/32 to add support for cloudbase-init MSI builds with Python 3.11.6 (current latest version of 3.11).

avladu gravatar imageavladu ( 2023-11-10 17:26:20 +0300 )edit
avladu gravatar imageavladu ( 2023-12-21 15:00:12 +0300 )edit

1 answer

Sort by » oldest newest most voted
0

answered 2023-11-02 18:48:39 +0300

avladu gravatar image

updated 2023-12-21 15:00:39 +0300

Hello,

We are planning to upgrade the cloudbase-init installer to a bug fix supported version of Python, most likely the latest 3.11.x

Please check the github repo for the installer for updates: https://github.com/cloudbase/cloudbas... .

I will update this issue https://github.com/cloudbase/cloudbas... when a new PR is created for the fix.

UPDATE: https://www.cloudbase.it/downloads/Cl...x64.msi https://www.cloudbase.it/downloads/Cl...x86.msi were built using 3.11.6 Python version.

Thank you,
Adrian

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2023-10-23 17:34:54 +0300

Seen: 291 times

Last updated: Dec 21 '23