Title: OpenSSL upgrades: January 28th 2016 · Issue #4857 · nodejs/node · GitHub
Open Graph Title: OpenSSL upgrades: January 28th 2016 · Issue #4857 · nodejs/node
X Title: OpenSSL upgrades: January 28th 2016 · Issue #4857 · nodejs/node
Description: @nodejs/security Ref: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2f, 1.0.1r. Th...
Open Graph Description: @nodejs/security Ref: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming releas...
X Description: @nodejs/security Ref: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming releas...
Opengraph URL: https://github.com/nodejs/node/issues/4857
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"OpenSSL upgrades: January 28th 2016","articleBody":"@nodejs/security\n\nRef: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html\n\n\u003e Forthcoming OpenSSL releases\n\u003e \n\u003e The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2f, 1.0.1r.\n\u003e These releases will be made available on 28th January between approx. 1pm and 5pm (UTC). They will fix two security defects, one of \"high\" severity affecting 1.0.2 releases, and one \"low\" severity affecting all releases.\n\u003e Please see the following page for further details of severity levels: https://www.openssl.org/policies/secpolicy.html\n\u003e Please also note that, as per our previous announcements, support for 1.0.0 and 0.9.8 releases ended on 31st December 2015 and are no longer receiving security updates. Support for 1.0.1 will end on 31st December 2016.\n\nHigh severity is [defined](https://www.openssl.org/policies/secpolicy.html) as:\n\n\u003e This includes issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable. These issues will be kept private and will trigger a new release of all supported versions. We will attempt to keep the time these issues are private to a minimum; our aim would be no longer than a month where this is something under our control\n\nThe last round of updates were also high.\n\nNote that this impacts all our active release lines, v0.10 and v0.12 use 1.0.1 and v4 and v5 use 1.0.2. It's very possible that both of the bugs being fixed don't impact Node.js at all or that our impact assessment is much lower than theirs due to how we are using the particular parts of OpenSSL affected. Therefore, we will have to make an assessment on the urgency of release when we see the details on the 28th. It may be prudent to plan for releases for some or all of our release lines within one or two days of the 28th regardless, in order to give some predictability to users. The only catch here is that we only have two commits queued up for v0.10, a doc fix and a fix to tools/install.py to generate proper header files (a welcome fix). So it's harder to justify a v0.10 release if the OpenSSL fixes turn out to be irrelevant for Node.js. v0.12 has more meaty commits (7), worthy of a stand-alone release.\n\nI'll prepare an announcement for [nodejs-sec](https://groups.google.com/forum/#!forum/nodejs-sec) and nodejs.org and post a draft here but I'd like to hear thoughts on my above point about planning for releases regardless of impact.\n","author":{"url":"https://github.com/rvagg","@type":"Person","name":"rvagg"},"datePublished":"2016-01-25T13:03:08.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":31},"url":"https://github.com/4857/node/issues/4857"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:846286f5-b500-3650-a1e3-f6ddb1395369 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 88FE:26A272:A82FA6:F1ABF5:6A4E43C5 |
| html-safe-nonce | 9f5d0376e1010e45b684083a4fb25c98019f03e550ee38bce72286be1f6464a1 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI4OEZFOjI2QTI3MjpBODJGQTY6RjFBQkY1OjZBNEU0M0M1IiwidmlzaXRvcl9pZCI6IjYxNjc0MDM0NjQ5NDA3MzMzODEiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | d4c679d5339253abd6e6a7db06e1d9a5f9ab66baa442c7fdd169257dd29cb9ec |
| hovercard-subject-tag | issue:128532766 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/nodejs/node/4857/issue_layout |
| twitter:image | https://opengraph.githubassets.com/b135d272ae7bac0cc34ebe21fa84c9caf90d19b629a01e791b419606eec4a44f/nodejs/node/issues/4857 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/b135d272ae7bac0cc34ebe21fa84c9caf90d19b629a01e791b419606eec4a44f/nodejs/node/issues/4857 |
| og:image:alt | @nodejs/security Ref: https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html Forthcoming OpenSSL releases The OpenSSL project team would like to announce the forthcoming releas... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | rvagg |
| hostname | github.com |
| expected-hostname | github.com |
| None | 030096ee0db095447bfe77409d33bfac127ca7128299c58deef27c52eaa1b1f0 |
| turbo-cache-control | no-preview |
| go-import | github.com/nodejs/node git https://github.com/nodejs/node.git |
| octolytics-dimension-user_id | 9950313 |
| octolytics-dimension-user_login | nodejs |
| octolytics-dimension-repository_id | 27193779 |
| octolytics-dimension-repository_nwo | nodejs/node |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 27193779 |
| octolytics-dimension-repository_network_root_nwo | nodejs/node |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 9fabff9b8b127e686a3ec86f91422e818056ca2c |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width