Title: Update OpenSSL versions for CI and Windows · Issue #131423 · python/cpython · GitHub
Open Graph Title: Update OpenSSL versions for CI and Windows · Issue #131423 · python/cpython
X Title: Update OpenSSL versions for CI and Windows · Issue #131423 · python/cpython
Description: OpenSSL v3.4.1 is out and contains some security patches (see https://github.com/openssl/openssl/releases/tag/openssl-3.4.1). There is one high vulnerabilty (CVE-2024-12797) that was fixed. However, what I'm interested in, are the fixes ...
Open Graph Description: OpenSSL v3.4.1 is out and contains some security patches (see https://github.com/openssl/openssl/releases/tag/openssl-3.4.1). There is one high vulnerabilty (CVE-2024-12797) that was fixed. However...
X Description: OpenSSL v3.4.1 is out and contains some security patches (see https://github.com/openssl/openssl/releases/tag/openssl-3.4.1). There is one high vulnerabilty (CVE-2024-12797) that was fixed. However...
Opengraph URL: https://github.com/python/cpython/issues/131423
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Update OpenSSL versions for CI and Windows","articleBody":"OpenSSL v3.4.1 is out and contains some security patches (see https://github.com/openssl/openssl/releases/tag/openssl-3.4.1). There is one high vulnerabilty ([CVE-2024-12797](https://nvd.nist.gov/vuln/detail/CVE-2024-12797)) that was fixed.\n\nHowever, what I'm interested in, are the fixes that allow me to continue working on #128391 (see https://github.com/openssl/openssl/issues/26388). Note that this high vulnerability does not affect the Windows build as the latter is still using OpenSSL 3.0.15 which is only affected by the following low vulnerabilities:\n\n- [CVE-2024-13176](https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176)\n- [CVE-2024-9143](https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143)\n\nThose low vulnerabilities affect OpenSSL 1.1.1+ and 3.x versions that we currently use and were fixed in the February 2025 release.\n\nNote: I don't think Python is directly affected by the low vulnerabilies and I just want the fixes that were included in those releases for my own work. Since the high vulnerability only affects 3.2+, Windows builds should not be affected.\n\ncc @gpshead \n\n### Plan:\n\n- [x] Update https://github.com/python/cpython-source-deps to pull OpenSSL 3.0.16 (cc @zooba)\n- [x] Update macOS and Windows builds to use OpenSSL 3.0.16.\n- [x] Update CI workflows to test against [3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.1]\n- [x] Update OpenSSL data headers\n\n\u003c!-- gh-linked-prs --\u003e\n### Linked PRs\n* gh-131839\n* gh-131848\n* gh-131849\n* gh-132051\n* gh-132052\n* gh-132053\n* gh-132189\n* gh-132196\n* gh-132197\n* gh-131618\n* gh-133077\n\u003c!-- /gh-linked-prs --\u003e\n","author":{"url":"https://github.com/picnixz","@type":"Person","name":"picnixz"},"datePublished":"2025-03-18T15:55:03.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":26},"url":"https://github.com/131423/cpython/issues/131423"}| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:52989e2f-04b3-a45c-6dc5-1b944f2d4ac8 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 9FD0:23348E:839F28:B1E8F1:696AB540 |
| html-safe-nonce | 29c1fcd6e826396c6abf444322ac421ab2b04c580b8290893f8c5d3ab3dd6223 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5RkQwOjIzMzQ4RTo4MzlGMjg6QjFFOEYxOjY5NkFCNTQwIiwidmlzaXRvcl9pZCI6IjIwNjc3OTk3MzE0MTEyNjg5MjkiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | 21d2ed981e7b3f0b32973ae6aaab502f5127983e4eef84257620985158f3fbb4 |
| hovercard-subject-tag | issue:2929016478 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/python/cpython/131423/issue_layout |
| twitter:image | https://opengraph.githubassets.com/ff030a7c524331803e4aebb8c572046b93c374a64f65fda3a695ec8d43112b7e/python/cpython/issues/131423 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/ff030a7c524331803e4aebb8c572046b93c374a64f65fda3a695ec8d43112b7e/python/cpython/issues/131423 |
| og:image:alt | OpenSSL v3.4.1 is out and contains some security patches (see https://github.com/openssl/openssl/releases/tag/openssl-3.4.1). There is one high vulnerabilty (CVE-2024-12797) that was fixed. However... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | picnixz |
| hostname | github.com |
| expected-hostname | github.com |
| None | 4fa1799b6a53c2d30c950d74230781bef9e7f61138c72c7727e4b83f0743752b |
| turbo-cache-control | no-preview |
| go-import | github.com/python/cpython git https://github.com/python/cpython.git |
| octolytics-dimension-user_id | 1525981 |
| octolytics-dimension-user_login | python |
| octolytics-dimension-repository_id | 81598961 |
| octolytics-dimension-repository_nwo | python/cpython |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 81598961 |
| octolytics-dimension-repository_network_root_nwo | python/cpython |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 41f276818bd204c4a30a0281fb3c576298d9474c |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width