OpenSSL.org has announced the release of OpenSSL 3.0.7, which addresses two HIGH risk security vulnerabilities. These vulnerabilities impact users of OpenSSL 3.0.0 – 3.0.6, and is further detailed on the Microsoft Security Response Center blog. Users of the Azure SDK for C++ who have compiled prior to the release of OpenSSL 3.0.7 may be impacted by these vulnerabilities, as libraries within the Azure SDK for C++ link to OpenSSL. It’s strongly recommended to upgrade to OpenSSL 3.0.7 as soon as possible.
Updating via vcpkg
For developers who have installed the Azure SDK for C++ via vcpkg command line, you may quickly upgrade all packages by updating your local vcpkg copy (such as via git pull
) and running the following commands:
vcpkg upgrade
vcpkg upgrade --no-dry-run
For detailed guidance on upgrading the Azure SDK for C++ or other dependencies via vcpkg, see the C++ team’s blog post Fix for High Risk OpenSSL Security Vulnerabilities Announced – Guidance for vcpkg Users.
0 comments