Hi Sarah, DSpace doesn't include any direct dependency to a specific version of OpenSSL, so there is nothing to patch for the application software itself. You might need to patch your server that is hosting Tomcat (and/or Apache HTTPD if offloading SSL in a reverse proxy) for DSpace, however. See https://www.snbforums.com/threads/sans-critical-openssl-3-0-x-vulnerability.81516/ for some expected versions on various operating systems / distros, and how to check which version of OpenSSL is installed.
Hope this helps! Cheers Kim On Sunday, October 30, 2022 at 1:47:48 AM UTC+13 [email protected] wrote: > Our central IT has warned us of an OpenSSL vulnerability and requested > that we check with the developers/vendors for any needed patches. We are on > DSpace 5.11. Does this version, or version 7.4 (which we are planning to > move to) require a patch for this vulnerability? > > Thank you! > Sarah -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/0c9f9543-2e40-42c2-96a9-fe2285646173n%40googlegroups.com.
