On Thu, 2023-03-23 at 09:45 -0400, rsbecker@xxxxxxxxxxxxx wrote:
> On Thursday, March 23, 2023 3:40 AM, Tomas Mraz wrote:
> > To: rsbecker@xxxxxxxxxxxxx; openssl-users <openssl-users@xxxxxxxxxxx>
> > On Wed, 2023-03-22 at 15:12 -0400, rsbecker@xxxxxxxxxxxxx wrote:
> > > On Wednesday, March 22, 2023 11:50 AM Tomas Mraz wrote:
> > > <snip>
> > > > OpenSSL 3.1 users should upgrade to 3.1.1.
> > > > OpenSSL 3.0 users should upgrade to 3.0.9.
> > > > OpenSSL 1.1.1 users should upgrade to 1.1.1u.
> > > > OpenSSL 1.0.2 users should upgrade to 1.0.2zh (premium support
> > > > customers only).
> > >
> > > Is there an ETA for 3.1.1, 3.0.9, 1.1.1u in the github repo?
> >
> > There is no ETA for the next releases. Unless there is any issue of
> > severity higher than Low we usually do a release in 3 months after
> > the previous patch release.
>
> Thanks. I was confused by the phrasing of the above, regarding
> upgrading to the new releases that are not in the repo.

There is the `Once they are released:` paragraph just before these
sentences. Perhaps that is too confusing and we should simply drop
these sentences from the Low advisories?

--
Tomáš Mráz, OpenSSL