New Question

SSL CVE vulnerability

asked 2023-10-23 17:34:54 +0300

vgarifullin gravatar image

Hello, the latest release(1.1.4) of cloudbase-init for windows uses the SSL package version SSL 1.1.1q, which already contains more CVEs. Is it possible to upgrade the package to SSL 3.1 in the new release of cloudbase-init? Or up to the most available version 1.1.1w with vulnerabilities fixed. And please tell me when the next release is planned?

edit retag flag offensive close merge delete


PR opened to add support for cloudbase-init MSI builds with Python 3.11.6 (current latest version of 3.11).

avladu gravatar imageavladu ( 2023-11-10 17:26:20 +0300 )edit
avladu gravatar imageavladu ( 2023-12-21 15:00:12 +0300 )edit

1 answer

Sort by » oldest newest most voted

answered 2023-11-02 18:48:39 +0300

avladu gravatar image

updated 2023-12-21 15:00:39 +0300


We are planning to upgrade the cloudbase-init installer to a bug fix supported version of Python, most likely the latest 3.11.x

Please check the github repo for the installer for updates: .

I will update this issue when a new PR is created for the fix.

UPDATE: were built using 3.11.6 Python version.

Thank you,

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2023-10-23 17:34:54 +0300

Seen: 309 times

Last updated: Dec 21 '23