OpenSSL and CVE-2021-3711 / CVE-2021-3712 / any others

[harshw]

21.7.2 is due tomorrow.
Cheers,
Franco

Franco - for important security updates like this - would they be backported to the previous version for a short period (e.g. 21.1.9 gets a hot fix for OpenSSL) ? I ask because it is not always easy to move to the new version immediately since it requires planning etc, but a hotfix for the current version is 100x easier to apply ...

[mimugmail]

Did you try to take the pkg and install manually in a test system? It should be compatible

[franco]

Franco - for important security updates like this - would they be backported to the previous version for a short period (e.g. 21.1.9 gets a hot fix for OpenSSL) ? I ask because it is not always easy to move to the new version immediately since it requires planning etc, but a hotfix for the current version is 100x easier to apply ...

Technically, this is what the business version is for... you are about three months behind on the next major version but important security fixes are carried out independently as was the case with 21.4.3 hotfix for OpenSSL.

Practically, you can always build and replace OpenSSL or any other piece of software with the ports tree.


Cheers,
Franco