-
-
Notifications
You must be signed in to change notification settings - Fork 33.2k
Closed
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.12only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.8 (EOL)end of lifeend of life3.9only security fixesonly security fixestype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or errortype-securityA security issueA security issue
Description
Bug report
Bug description:
We need to upgrade the OpenSSL versions we build & bundle into our binary releases before the next release. More security fixes as usual. In particular https://nvd.nist.gov/vuln/detail/CVE-2023-4807 applies to our 64-bit Windows binaries.
Pick the latest 3.0.x and 1.1.1 releases at the time the work is done. 3.0.11 today, and if we build binaries for older shipping-with-1.1 branches, 1.1.1w. We should update the binary build tooling in older release branches for those to at least reference and pull in 1.1.1w even if we aren't shipping new binary releases on those ourselves.
CPython versions tested on:
3.8, 3.9, 3.10, 3.11, 3.12
Operating systems tested on:
macOS, Windows
Linked PRs
- gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. #110002
- gh-109991: Update macOS installer to use OpenSSL 3.0.10. #110003
- [3.12] gh-109991: Update macOS installer to use OpenSSL 3.0.10. #110004
- [3.12] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002) #110005
- [3.11] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. #110006
- [3.10] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3. #110007
- [3.9] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w and 3.0.11. #110008
- [3.8] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w and 3.0.11. #110009
- [3.11] gh-109991: Update macOS installer to use OpenSSL 3.0.10. (GH-110003) #110010
- gh-109991: Update Windows build to use OpenSSL 3.0.11 #110054
- gh-109991: Remove obsolete NEWS entries for OpenSSL 3.0.10 #110055
- [3.12] gh-109991: Update Windows build to use OpenSSL 3.0.11 (GH-110054) #110056
- [3.11] gh-109991: Update Windows build to use OpenSSL 3.0.11 (GH-110054) #110059
- [3.10] gh-109991: Update Windows build to use OpenSSL 1.1.1w #110090
- [3.9] gh-109991: Update Windows build to use OpenSSL 1.1.1w #111265
- [3.8] gh-109991: Update Windows build to use OpenSSL 1.1.1w #111266
- gh-109991: Update Windows build to use OpenSSL 3.0.13 #115043
- [3.12] gh-109991: Update Windows build to use OpenSSL 3.0.13 #115047
- [3.11] gh-109991: Update Windows build to use OpenSSL 3.0.13 #115048
- gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13. #115050
- gh-109991: Update macOS installer to use OpenSSL 3.0.13. #115052
- [3.12] gh-109991: Update macOS installer to use OpenSSL 3.0.13. (GH-115052) #115053
- [3.11] gh-109991: Update macOS installer to use OpenSSL 3.0.13. (GH-115052) #115054
- [3.12] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13. (GH-115050) #115055
- [3.11] gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13. (GH-115050) #115057
zooba, erlend-aasland and CharlieZhao95
Metadata
Metadata
Assignees
Labels
3.10only security fixesonly security fixes3.11only security fixesonly security fixes3.12only security fixesonly security fixes3.13bugs and security fixesbugs and security fixes3.8 (EOL)end of lifeend of life3.9only security fixesonly security fixestype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or errortype-securityA security issueA security issue
Projects
Status
Done