OpenSSL bug

Those using OpenSSL version 3.0 should update to 3.0.5.

Those using OpenSSL version 1.1.1 should update to 1.1.1q.

See OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security

What options are there for those still using older Xojo versions?

I am recompiling my stuff today with the openssl update.

The Crypto module doesn’t offer OCB mode so one of the bugs you don’t have to worry about. The other I don’t know enough about to speak on.

Xojo developer options include:

Hope this helps.

Xojo’s Crypto module is built on Crypto++, not OpenSSL. I believe their SSLSocket uses it though. As for updating older versions, you can’t. You’ll need to switch to third-party options, such as MBS.


however if things like postgresql etc use OpenSSL then only Xojo can update those