Not logged in » Login
Jan 26 2016

OpenSSL Project Announces New Releases

Roughly two years after Heartbleed caused a major commotion in the IT industry, people at the OpenSSL Project stick with the security-aware release policy that was established after the bug.

That's why this upcoming Thursday (January 28) will see the release of two new, updated versions of the OpenSSL protocol, dubbed 1.0.1r and 1.0.2f. According to the official announcement, they will fix two vulnerabilities, one of which affects previous releases of the 1.0.2 family and is deemed to be highly severe, while the other affects all releases but receives a low severity rating. More details about the Project's severity ratings and security policy are available here.

IT vendors and site owners whose products and/or services rely on OpenSSL will be able to download the fixes sometime between 1:00 PM and 5:00 PM UTC (2:00 PM and 6:00PM CET). So far, the project group has not elaborated on details, so it's unclear which security defects are about to be fixed, but judging from the massive impact Heartbleed had it's recommended that developers, admins and webmasters deal with the patches as soon as possible.

In addition, the OpenSSL Project team once again pointed out that support for the 0.9.8 and 1.0.0 versions of the protocol ended on December 31, 2015. Support for the 1.0.1 versions will come to a halt on New Year's Eve this year.


Comments on this article

No comments yet.

Please Login to leave a comment.


Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now