Upgrade OpenSSL!
phpinfo() reports the OpenSSL version to be 1.0.1e. This is a security hole that needs to be fixed. Please update to the latest version.
Michael Daumling
shared this idea
Hi there,
Our servers are fully and regularly patched and have all latest Debian stable (Wheezy) security updates.
The version we deploy is:
ii openssl 1.0.1e-2+deb7u13 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
And you can check here that this is the latest openssl release in Wheezy (stable) with the proper security patches:
https://packages.debian.org/search?keywords=openssl
We precisely chose Debian for the strong security and stability culture that the community has.
Cloudways Team
-
Jaso
commented
I see the servers are NOT updated regularly as seen here are the latest updates,
This is my sever as right now 22nd Nov 2021: https://prnt.sc/20fwl3o
BUT, this is the latest stable release for OPENSSL: https://prnt.sc/20fwx9y
This is my sever now with cURLSSL outdated: https://prnt.sc/20fx6li
BUT, update version is 7.80.0 and why hasn't Cloudways updated these on ALL severs: https://prnt.sc/20fxdpo
Cloudways, is what I have just shown here true and correct ??
OR
is the version it should be all updated:https://tracker.debian.org/pkg/openssl
https://tracker.debian.org/pkg/curl
I ask this because I have MAINWP plugin installed on WordPress and it warns of outdated cURL SSL as seen here:
https://prnt.sc/20g2yfrHELP
-
AdminCloudways
(Admin, Cloudways)
commented
Hi there,
Our servers are fully and regularly patched and have all latest Debian stable (Wheezy) security updates.
The version we deploy is:
ii openssl 1.0.1e-2+deb7u13 amd64 Secure Socket Layer (SSL) binary and related cryptographic toolsAnd you can check here that this is the latest openssl release in Wheezy (stable) with the proper security patches:
https://packages.debian.org/search?keywords=opensslWe precisely chose Debian for the strong security and stability culture that the community has.
Cloudways Team