November 10th, 2022

Updating dependencies for Azure SDK for C++

Kyle Patterson
Program Manager

OpenSSL.org has announced the release of OpenSSL 3.0.7, which addresses two HIGH risk security vulnerabilities. These vulnerabilities impact users of OpenSSL 3.0.0 – 3.0.6 and are further detailed on the Microsoft Security Response Center blog. Users of the Azure SDK for C++ who compiled before the release of OpenSSL 3.0.7 may be impacted by these vulnerabilities, as libraries within the Azure SDK for C++ link to OpenSSL. It's strongly recommended to upgrade to OpenSSL 3.0.7 as soon as possible.

Updating via vcpkg

Developers who installed the Azure SDK for C++ via the vcpkg command line can quickly upgrade all packages by updating their local vcpkg copy (such as via git pull) and running the following commands:

vcpkg upgrade
vcpkg upgrade --no-dry-run

For detailed guidance on upgrading the Azure SDK for C++ or other dependencies via vcpkg, see the C++ team’s blog post Fix for High Risk OpenSSL Security Vulnerabilities Announced – Guidance for vcpkg Users.
