> if it's time to re-visit that practice of not updating through minor openssl versions; it's risky to try.
As an upstream OpenSSL maintainer we try very hard to ensure that stable releases remain stable across patch releases. We only allow bug fixes (no new features etc) into our patch releases and always seek to ensure backwards compatibility. Of course every bug fix is ultimately a change of behaviour and sometimes end users rely on that buggy behaviour. Sometimes we get it wrong and inadvertently break something. I hope those are few and far between though. Ultimately if you fix bugs there will always be a residual risk that you break something somewhere. Hopefully the risk is small enough that it is acceptable. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/2019970 Title: OpenSSL 3.0.2 crash in Ubuntu 22.04.2 LTS Status in openssl package in Ubuntu: Incomplete Bug description: Full bug report at https://github.com/openssl/openssl/issues/20981 No upstream impact: OpenSSL 3.0.9-dev does not contain the problem any more. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/2019970/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp