>From Victor: >On Wed, Jun 11, 2014 at 04:09:47PM +0000, Scott Neugroschl wrote:
>> I know 0.9.7 is no longer under development, but for various reasons, >> I have an app that is still using 0.9.7g. >> Is 0.9.7g subject to the vulnerability from CVD-0214-0224? >There are I expect many unresolved issues (even if not the particular one in >question) in the long ago un-maintained 0.9.7 release. So my advice is that >if this application is communicating over the public Internet, it needs to be >upgraded or retired. We are aware of this, and are looking to upgrade. Does anyone have a recommendation as to 0.9.8 vs 1.0.0 (1.0.1 is too bleeding edge)? If you have a recommendation, may I ask what led you to choose that path? Thanks, ScottN ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org