Hello All,

I am trying to get a stable version of perl that has the latest version of
OpenSSL installed on it. As I am sure you are aware OpenSSL before the
release of the 1.1.1 series will be at the end of its lifecycle in less
than a year. Some of the vendors that I work with to mitigate
vulnerabilities in there software use Perl. So the request is that the new
versions going forward will have a openSSL library which is not at the end
of its lifecycle and does not yet have any CVE on the NIST NVD site. With
that said I know its wishful thinking considering new vulnerabilities are
being discovered all the time with for openSSL. However, trying to keep up
with the latest OpenSSL versions 1.1.1 and possibly in the near future the
3.0.0 series will greatly help reduce producing updates that are still
using vulnerable openSSL libraries. I hope this will help developers of the
next version and I look forward to reviewing the updates!

Thanks,

Iverson Golden, MSIT, Sec+

Reply via email to