Hi, > I just noted that the latest openssl 1.0.2 beta1 version was released > before the heartbleed bug became public and is thus vulnerable. (snipp) > Can the openssl devs create a new beta2 version that includes the > heartbleed fix?
Quoting from the security advisory (see https://www.openssl.org/news/secadv_20140407.txt): > Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including > 1.0.1f and 1.0.2-beta1. > [...] > Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately > upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. > > 1.0.2 will be fixed in 1.0.2-beta2. Regards, Stefan ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
