Security: OpenSSL is seriously out of date in client applications

I’ve recently installed the application on both a windows 10 pro and macOS 10.14 computers.

The reported OpenSSL version for Windows App is 1.0.1h and 1.0.2q for macOS. Linux might also be affected too.

Both libraries are out of date as the 1.0.2 is currently on version 1.0.2r and is only being supported until the end of this year. The Windows library 1.0.1h is not supported and has a large number of CVE issues https://www.openssl.org/news/vulnerabilities-1.0.1.html

Fixing the windows client is a priority as this is a big security risk using a library that was released back on the 5th June 2014!

1 Like

Hello @Rich,

that is a known issue and already addressed.

For details see:

3 Likes

@rakekniven Thank you for adding this to the GitHub ticket.

1 Like

Hi all,

this has been fixed with the current 2.5.3 release, available for download here:

Also with the next release we’ll include OpenSSL 1.1.1c with TLS 1.3 support (on Windows and hopefully everywhere).
For details see here:

:slight_smile:

1 Like