Should we expect a new release or docker image reb...
# fleetw
wtheaker
10/31/2022, 5:11 PMShould we expect a new release or docker image rebuild for when the OpenSSL CVE/patch lands tomorrow?
k
Kathy Satterlee
10/31/2022, 6:39 PMHey @wtheaker, I’ve reached out to the team and we’re digging in to this. Will have an answer for you shortly!
g
Guillaume
10/31/2022, 6:56 PMHi!
Open the osquery side, OpenSSL 1.x is in use, which is not affected.
On the Fleet server side, we use go, which has its own TLS implementation. We know go plans to release a security update tomorrow, and it does not look like it will be to fix the same issue in their TLS implementation.
It is not impossible other TLS implementations will have similar vulnerabilities so we will look closely at the updates to see if any require an emergency update.
So TL;DR -> It is unlikely we will need to release an emergency update tomorrow.
Guillaume
10/31/2022, 7:04 PMI meant “on” the osquery side but for some reason Slack won’t let me edit 🙂
w
wtheaker
10/31/2022, 7:06 PMI read it as "on" 👍