The OpenSSL Project has informed users that an upcoming update will patch a critical vulnerability in the open source cryptography and secure communication toolkit.
OpenSSL version 3.0.7 is scheduled for release on Tuesday, November 1, between 13:00 and 17:00 UTC. No details have been provided, but the update has been described as a ‘security-fix release’ that will include a patch for a vulnerability rated ‘critical’.
The issue does not appear to impact OpenSSL versions prior to 3.0.
This is the first critical vulnerability patched in OpenSSL since September 2016, and only the second flaw to be officially assigned a ‘critical’ severity rating.
In addition to the 3.0.7 release, the OpenSSL Project is preparing version 1.1.1s, a bug-fix release scheduled for the same day.