| Tip |
|---|
This is the advisory page for Service Provider V3 releases. For older V2 SP advisories, refer to the V2 SecurityAdvisories page |
...
Version | EOL | User Data Exposure | Resource Exposure | Session Hijacking | Denial of Service | Remote Exploit | Advisories |
|---|---|---|---|---|---|---|---|
All | X | X | X | X | 2018-08-03, 2018-01-23, 2014-04-09, 2011-10-24 | ||
3.5.0 | |||||||
3.4.1 | |||||||
3.4.0 | Jan 2023 | ||||||
3.3.0 | Nov 2022 | ||||||
3.2.3 | Dec 2021 | ||||||
3.2.2 | Jul 2021 | 2021-06-22 | |||||
3.2.1 | Apr 2021 | X | 2021-04-26 | ||||
3.2.0 | Mar 2020 | X | 2020-03-17 | ||||
3.1.0 | Dec 2020 | X | 2020-08-31 | ||||
3.0.4 | Apr 2020 | X | |||||
3.0.3 | Mar 2019 | X | 2019-03-11 | ||||
3.0.2 | Dec 2018 | X | 2018-12-19a | ||||
3.0.1 | Aug 2018 | X | X | X | X | ||
3.0.0 | Jul 2018 | X |
...
OpenSSL on Windows (last reviewed 2024-09-03)
The version of OpenSSL 3.0 shipped on Windows at this time contains a number of non-impactful security vulnerabilities. Due to the effort involved, it is unlikely a new version will be supplied until a more significant need arises. Any advisory issued on or before the “last-reviewed” date above has been triaged.
Curl (last reviewed 2024-07-3110-16)
CVE-2024-7264
We don’t use the affected feature as we process cerrtificates separately from anything libcurl is doing with them.
CVE-2023-46218
We do not rely on cookies in our use of Curl.
CVE-2023-46219
We do not use the HSTS feature, this isn’t a web browser.
CVE-2024-0853
We do not rely on Curl to validate certificates
CVE-2024-2004
Even if this in fact affects libcurl itself and not just the command line, we don’t manipulate the protocols (we do for TLS protocols, but not schemes).
CVE-2024-2398
We don’t build with HTTP/2 support.
CVE-2024-6197
We don’t use those TLS implementations.
CVE-2024-6874
We don’t ship curl on macOS9143
The SP is not impacted by this issue.