Security: OpenSSL is seriously out of date in client applications

ssl
#1

I’ve recently installed the application on both a windows 10 pro and macOS 10.14 computers.

The reported OpenSSL version for Windows App is 1.0.1h and 1.0.2q for macOS. Linux might also be affected too.

Both libraries are out of date as the 1.0.2 is currently on version 1.0.2r and is only being supported until the end of this year. The Windows library 1.0.1h is not supported and has a large number of CVE issues https://www.openssl.org/news/vulnerabilities-1.0.1.html

Fixing the windows client is a priority as this is a big security risk using a library that was released back on the 5th June 2014!

1 Like
#2

Hello @Rich,

that is a known issue and already addressed.

For details see:

3 Likes
#3

@rakekniven Thank you for adding this to the GitHub ticket.

1 Like