You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ignite.apache.org by Entwicklung <En...@giftinfo.uni-mainz.de> on 2022/11/02 15:29:21 UTC
AW: Ignite OpenSSL Vulnerability
Hello,
i hope i use the correct email address.
(user@ignite.apache.org<ma...@ignite.apache.org> returned wrong email address.)
I plan to install Apache Ignite version 2.14.0 binary release (latest) on a windows server. I prefer ODBC-Connection to my application.
Problem:
ODBC uses OpenSSL, but Version 3.0.0 to 3.0.6 has critical vulnerability. Version 3.0.7 has fixed the problems. Is 2.14.0 binary release (especially ODBC) affected ? If yes, when is a new binary release available with OpenSSL 3.0.7.
I could not find any information about the OpenSSL version that Ignite binaries were built from, especially ODBC.
Thank you for your help
Regards
Guido Clesius
__________________________________________
Dipl.-Ing. Guido Clesius
Externer Mitarbeiter
Softwareentwicklung Guido Clesius
Im Sand 1
55252 Mainz-Kastel
* 06134-9589649
Ë 0170-4430211
* support@swe-clesius.de<ma...@swe-clesius.de>
þ www.swe-clesius.de<http://www.swe-clesius.de/>
Re: Ignite OpenSSL Vulnerability
Posted by Ivan Daschinsky <iv...@gmail.com>.
So you should just download the latest openssl binaries, add them to PATH
and that's it. The ignite odbc driver will load them automatically.
You could also set OPENSSL_HOME env variable to the specific folder with
the valid openssl binaries.
Re: Ignite OpenSSL Vulnerability
Posted by Ivan Daschinsky <iv...@gmail.com>.
Hi, we don't link our odbc driver with openssl libraries. We load them
dynamically. So don't worry, our odbc driver is not affected at all.
Moreover, it supports multiple versions of openssl, up to 3.0.x
пн, 7 нояб. 2022 г. в 12:17, Ilya Kasnacheev <il...@gmail.com>:
> Hello!
>
> For the most part, we to not supply compiled versions of our C++ code, and
> our Java code does not use OpenSSL.
>
> So you should check if you can build ODBC driver against non-affected
> OpenSSL version.
>
> Regards,
> --
> Ilya Kasnacheev
>
>
> чт, 3 нояб. 2022 г. в 15:45, Entwicklung <
> Entwicklung@giftinfo.uni-mainz.de
> >:
>
> > Hello,
> >
> > i hope i use the correct email address.
> >
> > (user@ignite.apache.org<ma...@ignite.apache.org> returned wrong
> > email address.)
> >
> >
> >
> > I plan to install Apache Ignite version 2.14.0 binary release (latest) on
> > a windows server. I prefer ODBC-Connection to my application.
> >
> >
> >
> > Problem:
> >
> > ODBC uses OpenSSL, but Version 3.0.0 to 3.0.6 has critical vulnerability.
> > Version 3.0.7 has fixed the problems. Is 2.14.0 binary release
> (especially
> > ODBC) affected ? If yes, when is a new binary release available with
> > OpenSSL 3.0.7.
> >
> > I could not find any information about the OpenSSL version that Ignite
> > binaries were built from, especially ODBC.
> >
> >
> >
> > Thank you for your help
> > Regards
> > Guido Clesius
> > __________________________________________
> > Dipl.-Ing. Guido Clesius
> > Externer Mitarbeiter
> > Softwareentwicklung Guido Clesius
> > Im Sand 1
> > 55252 Mainz-Kastel
> > * 06134-9589649
> > Ë 0170-4430211
> > * support@swe-clesius.de<ma...@swe-clesius.de>
> > þ www.swe-clesius.de<http://www.swe-clesius.de/>
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
--
Sincerely yours, Ivan Daschinskiy
Re: Ignite OpenSSL Vulnerability
Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!
For the most part, we to not supply compiled versions of our C++ code, and
our Java code does not use OpenSSL.
So you should check if you can build ODBC driver against non-affected
OpenSSL version.
Regards,
--
Ilya Kasnacheev
чт, 3 нояб. 2022 г. в 15:45, Entwicklung <Entwicklung@giftinfo.uni-mainz.de
>:
> Hello,
>
> i hope i use the correct email address.
>
> (user@ignite.apache.org<ma...@ignite.apache.org> returned wrong
> email address.)
>
>
>
> I plan to install Apache Ignite version 2.14.0 binary release (latest) on
> a windows server. I prefer ODBC-Connection to my application.
>
>
>
> Problem:
>
> ODBC uses OpenSSL, but Version 3.0.0 to 3.0.6 has critical vulnerability.
> Version 3.0.7 has fixed the problems. Is 2.14.0 binary release (especially
> ODBC) affected ? If yes, when is a new binary release available with
> OpenSSL 3.0.7.
>
> I could not find any information about the OpenSSL version that Ignite
> binaries were built from, especially ODBC.
>
>
>
> Thank you for your help
> Regards
> Guido Clesius
> __________________________________________
> Dipl.-Ing. Guido Clesius
> Externer Mitarbeiter
> Softwareentwicklung Guido Clesius
> Im Sand 1
> 55252 Mainz-Kastel
> * 06134-9589649
> Ë 0170-4430211
> * support@swe-clesius.de<ma...@swe-clesius.de>
> þ www.swe-clesius.de<http://www.swe-clesius.de/>
>
>
>
>
>
>
>
>
>
Re: Ignite OpenSSL Vulnerability
Posted by Kseniya Romanova <ks...@apache.org>.
Hi Guido!
Actually the user@ignite.apache.org is correct. Maybe something went wrong,
because you are not subscribed. You can send Hello to this e-mail
user-subscribe@ignite.apache.org. By sending Stop to this e-mail
user-unsubscribe@ignite.apache.org you can unsubscribe easily.
This list is mostly for development process discussions. Please send to the
user list, because people are often looking for answers in the archive.
Sorry for the inconvenience.
чт, 3 нояб. 2022 г. в 15:45, Entwicklung <Entwicklung@giftinfo.uni-mainz.de
>:
> Hello,
>
> i hope i use the correct email address.
>
> (user@ignite.apache.org<ma...@ignite.apache.org> returned wrong
> email address.)
>
>
>
> I plan to install Apache Ignite version 2.14.0 binary release (latest) on
> a windows server. I prefer ODBC-Connection to my application.
>
>
>
> Problem:
>
> ODBC uses OpenSSL, but Version 3.0.0 to 3.0.6 has critical vulnerability.
> Version 3.0.7 has fixed the problems. Is 2.14.0 binary release (especially
> ODBC) affected ? If yes, when is a new binary release available with
> OpenSSL 3.0.7.
>
> I could not find any information about the OpenSSL version that Ignite
> binaries were built from, especially ODBC.
>
>
>
> Thank you for your help
> Regards
> Guido Clesius
> __________________________________________
> Dipl.-Ing. Guido Clesius
> Externer Mitarbeiter
> Softwareentwicklung Guido Clesius
> Im Sand 1
> 55252 Mainz-Kastel
> * 06134-9589649
> Ë 0170-4430211
> * support@swe-clesius.de<ma...@swe-clesius.de>
> þ www.swe-clesius.de<http://www.swe-clesius.de/>
>
>
>
>
>
>
>
>
>