Hi, Sage's current openssl version (3.0.5) hass several "High severity" vulnerabilities, see https://www.openssl.org/news/vulnerabilities.html
It would be nice to have the fixes included in the next Sage release. I am not using github, here is a pull request (literally) to fix this : git pull https://lipn.univ-paris13.fr/~monteil/hebergement/sage/sage.git openssl.3.0.8 (commit hash : 997a6bd35a17f5511bb12552bd676597b09f1eaf) I checked the hash of the tarballs against the GPG signatures by upstream developers. Tarball at : https://www.openssl.org/source/openssl-3.0.8.tar.gz Ciao, Thierry P.S. Note that 3.1.0. has been very recently released, however 3.0.x is LTS and will not have structural changes. Just in case, here is a verified branch : git pull https://lipn.univ-paris13.fr/~monteil/hebergement/sage/sage.git openssl.3.1.0 (commit hash : 9229a2be66dc0e4f2e3f677aa515a33bfe72a873) Tarball at : https://www.openssl.org/source/openssl-3.1.0.tar.gz Le Sun, Apr 23, 2023 at 07:46:00AM -0700, Volker Braun a écrit : > As always, you can get the latest beta version from the "develop" git > branch. Alternatively, the self-contained source tarball is at > http://www.sagemath.org/download-latest.html > > > f3acd42678a (tag: 10.0.rc0, github/develop) Updated SageMath version to > 10.0.rc0 > eca2a773d08 gh-35543: Cleaning set partition > 9d8c9c05117 gh-35542: some fixes for cython-lint in various places > e1e119463ae gh-35534: some cython-lint fixes in matroids/ > 133a345bacb gh-35533: Fix bug in graph.maximum_average_degree > 3c2ba826156 gh-35530: some minor details in interfaces > 12cea800735 gh-35526: fix pycodestyle E271 and E502 in pyx files > a03f09cf594 gh-35525: cython-lint and some doc cleanup for expression.pyx > e9b67cc117a gh-35521: `sage.combinat.sf`: re-enable a doctest > cc0ea4d66f4 gh-35518: Improve PolynomialSequence.connected_components() > a38a25a261e gh-35515: Bug in integer valued polys > 803c7aacaee gh-35514: Don't force ecl lisp with `maxima -l ecl` on command > line. > 20d2edd1736 gh-35513: Silence initialization of giac > 64c205c7d51 gh-35512: Improve PolynomialSequence.connection_graph() > implementation > db2fa5d13b1 gh-35511: Fix Graph.add_clique() for one vertex > 0ff23f67772 gh-35510: Make BooleanPolynomial.variables() way faster > e3636bd579c gh-35509: some cython-linting in matrix/ folder > 2c7e16e5faf gh-35507: fix pycodestyle E303 in schemes > 98595ef8661 gh-35506: add check for pycodestyle E502 in python files > 80f3fd99d04 gh-35504: `build/pkgs/sphinx_{copybutton,basic_ng}`: Add conda > info > 41c256ae647 gh-35499: Fix test output for ipywidgets 8.0.5, part deux > 3740e145432 gh-35478: Remove unused code from GAP interface > b25229b6647 gh-35476: scipy: Patch out test requiring internet access > eafd5215a28 gh-35472: Implement the Feichtner-Yuzvinsky rings for lattices > 957e627f023 gh-35465: Fix conda workflow > 1fc3fee5bed gh-35463: Add iterator over minimum distance k dominating sets > ecd162be3dc gh-35462: Iterator over the minimal distance k dominating sets > c18a3fbfe72 gh-35446: add method is_simple to permutations > ef68bee7ccf gh-35443: Fix slow doctests or mark # long time > c005c006d4e gh-35431: Documentation improvements for rounding methods > 15a5078afaa gh-35389: `sage.rings.finite_rings.residue_field`: > Modularization fixes > 9ff469adb9c gh-35375: Fix minimal kernel basis corner cases > 55ebb79b65a gh-35306: `sage.groups.matrix_gps`: Modularization fixes for > imports > 8bcce63b6a1 gh-35305: `sage.quadratic_forms`: Modularization fixes for > imports > 97b45d80a7c (tag: 10.0.beta9) Updated SageMath version to 10.0.beta9 > > -- > You received this message because you are subscribed to the Google Groups > "sage-release" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to sage-release+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/sage-release/788f2bad-420b-463a-be98-4f11819d3288n%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/sage-devel/ZEjvpybhNZhFERjm%40metelu.net.
