On 09.11.2022 08:39, Payyavula, Manjula Vani via dev wrote:
Hi Team,
We are facing security vulnerability with "faterxml jackson databind" dependency 2.13.3,
1.13.4, .. so on. Even if we used latest 2.14.0-rc2 version also did not resolve the
"CVE-.." type vulnerabilities.
Could you please hel
From: Ruediger Pluem
Sent: Wednesday, November 9, 2022 1:02 PM
To: dev@httpd.apache.org
Subject: [External] Re: Apache HTTP Server dependency on OpenSSL
This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links
and attachments.
On 11/9/22 8:29 AM, Turritopsis Dohrn
On Wed, 9 Nov 2022 at 18:32, Ruediger Pluem wrote:
>
>
> On 11/9/22 8:29 AM, Turritopsis Dohrnii Teo En Ming wrote:
> > Subject: Apache HTTP Server dependency on OpenSSL
> >
> > Good day from Singapore,
> >
> > I read that Apache HTTP Server depends on/re
On 11/9/22 8:29 AM, Turritopsis Dohrnii Teo En Ming wrote:
> Subject: Apache HTTP Server dependency on OpenSSL
>
> Good day from Singapore,
>
> I read that Apache HTTP Server depends on/requires OpenSSL 1.1.1 to operate a
> TLS 1.3 web server.
>
> Can we use OpenSSL
Subject: Apache HTTP Server dependency on OpenSSL
Good day from Singapore,
I read that Apache HTTP Server depends on/requires OpenSSL 1.1.1 to operate
a TLS 1.3 web server.
Can we use OpenSSL 3.0.7 instead of OpenSSL 1.1.1? Is it supported?
OpenSSL versions 3.0.0 through 3.0.6 have CVE-2022
