Those using OpenSSL version 3.0 should update to 3.0.5.
Those using OpenSSL version 1.1.1 should update to 1.1.1q.
See OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security
What options are there for those still using older Xojo versions?
I am recompiling my stuff today with the openssl update.
The Crypto module doesn’t offer OCB mode so one of the bugs you don’t have to worry about. The other I don’t know enough about to speak on.
Xojo developer options include:
Hope this helps.
Xojo’s Crypto module is built on Crypto++, not OpenSSL. I believe their SSLSocket uses it though. As for updating older versions, you can’t. You’ll need to switch to third-party options, such as MBS.
MBS ?
however if things like postgresql etc use OpenSSL then only Xojo can update those