0 Replies Latest reply on Jun 11, 2015 11:02 AM by twenden

    OpenSSL version in ePO 5.30 is older than ePO 5.1.1/5.1.2

    twenden

      We are testing ePO 5.3.0 and just upgraded a test server from ePO 5.1.1. I noticed that ePO 5.3.0 only has two hotfixes, one updates java to SE7U80 and the other DE ldapsync issue.

       

      My question is with openssl since ePO 5.3.0 show version 1.0.1K. My ePO 5.1.1 server had 1.01m which is a newer version. Back in April 2015, there was a hotfix 1052048 released which updates openssl to 1.0.1m. The documentation for this hotfix only mentions support for ePO 5.1, 5.11 and 5.12 and no mention of ePO 5.30.

       

      Does this mean that ePO 5.3.0 is running with a vulnerable openssl?