Hello OpenSSL Developers, I understand through your previous announcements that OpenSSL 0.9.8 is no longer "supported", and no more "security fixes", nor "security updates" will be provided by OpenSSL.org. Does this mean that we can expect no more CVEs to be generated or listed for OpenSSL 0.9.8 also? Thanks! Joe ------------------------ "NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS." "As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade." per http://openssl.org/news/secadv/20151203.txt. ------------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160112/e7f41d12/attachment.html>
