CyberSecurityBoard
Sponsor Register Login

OpenSSL 3.3 Alpha Release Date Announced

We are pleased to announce our schedule for the April release of OpenSSL 3.3.
In accordance with our adoption of biannual time-based releases following the release of OpenSSL 3.2, this will be our first time-based release.
An alpha of OpenSSL 3.3 will be made on 20 March 2024.
A beta of OpenSSL 3.3 will then be made on 29 March 2024.
The expected final release date for OpenSSL 3.3.0 is 10 April 2024.
No further features or API changes are planned for 3.3 beyond those listed above.
We will not be accepting any additional features for 3.3; any unmerged feature PRs will now be considered for 3.4.
The release process of OpenSSL 3.3 will be managed by Neil Horman.
Details on the release schedule can be found on the new OpenSSL Release Schedule board on GitHub.
The release of the subsequent feature release, OpenSSL 3.4, will occur no later than 31 October 2024.


This Cyber News was published on www.openssl.org. Publication date: Tue, 12 Mar 2024 18:43:05 +0000


Cyber News related to OpenSSL 3.3 Alpha Release Date Announced

OpenSSL 3.3 Alpha Release Date Announced - We are pleased to announce our schedule for the April release of OpenSSL 3.3. In accordance with our adoption of biannual time-based releases following the release of OpenSSL 3.2, this will be our first time-based release. An alpha of OpenSSL 3.3 ...
1 year ago Openssl.org
CVE-2022-1434 - The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being ...
2 years ago
OpenSSL Is Hiring - OpenSSL is hiring for a mid level engineer to join our team. We are seeking a Software Engineer to join our team. As a Software Engineer at OpenSSL, you will play a vital role in sustaining and evolving the core cryptography and network protocol ...
1 year ago Openssl.org
Lightship Security and the OpenSSL Corporation Submit OpenSSL 3.5.4 for FIPS 140-3 Validation - Lightship Security and the OpenSSL Corporation have jointly submitted OpenSSL version 3.5.4 for FIPS 140-3 validation, marking a significant milestone in cryptographic security standards. This submission aims to ensure that OpenSSL, a widely used ...
3 months ago Cybersecuritynews.com
CVE-2021-23841 - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while ...
2 years ago
CVE-2020-1971 - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they ...
3 years ago
Adding OpenSSL Generated Certificates to Your Server: A Comprehensive Guide - Utilizing SSL/TLS certificates to encrypt data transferred between your server and clients is one of the fundamental components of server security. The process of adding OpenSSL-generated certificates to your server will be covered in detail in this ...
2 years ago Feeds.dzone.com
CVE-2023-38291 - An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G ...
1 year ago
CVE-2019-1552 - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / ...
3 years ago
CVE-2023-38298 - Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party ...
1 year ago
CVE-2023-38301 - An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola ...
1 year ago
CVE-2021-3712 - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the ...
3 years ago
CVE-2021-23840 - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value ...
2 years ago
CVE-2020-36164 - An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the ...
5 years ago
CVE-2023-2650 - Issue summary: Processing some specially crafted ASN.1 object identifiers or ...
1 year ago
OpenSSL Vulnerabilities: Risks, Exploits, and Mitigation Strategies - OpenSSL, a widely used cryptographic library, has faced numerous vulnerabilities over the years that pose significant risks to global cybersecurity. This article explores the most critical OpenSSL vulnerabilities, their impact on organizations, and ...
3 months ago Cybersecuritynews.com CVE-2024-1234 CVE-2023-5678 Advanced Persistent Threat Groups
OpenSSL 3.5.0 Released with Support for Post-Quantum Cryptography - With OpenSSL 3.5.0, the project takes a bold step into the quantum era, equipping developers and organizations with tools to safeguard data against future quantum threats while maintaining backward compatibility with existing systems. The OpenSSL ...
9 months ago Cybersecuritynews.com
CVE-2023-38297 - An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of ...
1 year ago
OpenAI rolls out GPT-Codex Alpha with early access to new models - OpenAI has launched GPT-Codex Alpha, providing early access to its latest AI models designed to enhance coding and software development. This new release aims to empower developers by offering advanced AI capabilities that can understand and generate ...
3 months ago Bleepingcomputer.com
CVE-2021-23839 - OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. ...
2 years ago
CVE-2021-3449 - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but ...
3 years ago
CVE-2023-38296 - Various software builds for the following TCL 30Z and TCL A3X devices leak the ICCID to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from ...
1 year ago
CVE-2018-25096 - A vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site ...
2 years ago
ChatGPT"s GPT-5-reasoning-alpha model spotted ahead of launch - GPT-5 might be just a few days or weeks away, as we've spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13. Other researchers have also dropped hints that GPT-5 will combine breakthroughs from all models to create a unified ...
6 months ago Bleepingcomputer.com
OpenAI is testing a new GPT-5-based AI agent, GPT-Alpha - OpenAI is currently testing an advanced AI agent named GPT-Alpha, which is based on the upcoming GPT-5 architecture. This new AI agent represents a significant leap in artificial intelligence capabilities, promising enhanced performance and more ...
3 months ago Bleepingcomputer.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)