Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/10/21 20:13:28 UTC

[GitHub] [pulsar] dave2wave opened a new issue, #18155: [update][dependency] Please update openssl to 1.1.1r

dave2wave opened a new issue, #18155:
URL: https://github.com/apache/pulsar/issues/18155

   ### Search before asking
   
   - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar.
   
   
   ### Motivation
   
   Keep OpenSSL in C++ up to date.
   
   ### Solution
   
   _No response_
   
   ### Alternatives
   
   _No response_
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [ ] I'm willing to submit a PR!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [pulsar] hpvd commented on issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
hpvd commented on issue #18155:
URL: https://github.com/apache/pulsar/issues/18155#issuecomment-1287428508

   or directly to v3.0 which is the latest major version with LTS
   
   which has, besides new features, an easier licence than the dual licence of 1.x...
   https://www.openssl.org/source/license.html
   
   migration guide:
   https://www.openssl.org/docs/man3.0/man7/migration_guide.html




[GitHub] [pulsar] merlimat commented on issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
merlimat commented on issue #18155:
URL: https://github.com/apache/pulsar/issues/18155#issuecomment-1287467485

   > or directly to v3.0 which is the latest major version with LTS
   
   we need to validate how well that works with boost::asio and libcurl




[GitHub] [pulsar] dave2wave closed issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
dave2wave closed issue #18155: [update][dependency] Please update openssl to 1.1.1r
URL: https://github.com/apache/pulsar/issues/18155




[GitHub] [pulsar] hpvd commented on issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
hpvd commented on issue #18155:
URL: https://github.com/apache/pulsar/issues/18155#issuecomment-1287445813

   > Dual license is not difficult we choose the one that is best for an Apache project.
   
   this is why I suggested v3...
   
   > For the 3.0 release, and later releases derived from that, [the Apache License v2](https://www.openssl.org/source/apache-license-2.0.txt) applies.
   
   




[GitHub] [pulsar] merlimat commented on issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
merlimat commented on issue #18155:
URL: https://github.com/apache/pulsar/issues/18155#issuecomment-1287469721

   To clarify: we're using `1.1.1q` and not `1.1.1r`, though the only main difference is a compile error fix, not any security issues. https://www.openssl.org/news/cl111.txt
   
   Also, please open C++ client issues on https://github.com/apache/pulsar-client-cpp 




[GitHub] [pulsar] merlimat commented on issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
merlimat commented on issue #18155:
URL: https://github.com/apache/pulsar/issues/18155#issuecomment-1287466874

   This is already addressed in the `pulsar-client-cpp-3.0.0` release. You can find the list of dependencies here: https://github.com/apache/pulsar-client-cpp/blob/main/dependencies.yaml 




[GitHub] [pulsar] dave2wave commented on issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
dave2wave commented on issue #18155:
URL: https://github.com/apache/pulsar/issues/18155#issuecomment-1287478916

   Thank you @merlimat, I'm glad you have already taken this into account. I will close this issue. If @hpvd wishes they can open an issue in the other repository.




[GitHub] [pulsar] dave2wave commented on issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
dave2wave commented on issue #18155:
URL: https://github.com/apache/pulsar/issues/18155#issuecomment-1287394458

   I noticed this issue when looking at #18136




[GitHub] [pulsar] dave2wave commented on issue #18155: [update][dependency] Please update openssl to 1.1.1r

Posted by GitBox <gi...@apache.org>.
dave2wave commented on issue #18155:
URL: https://github.com/apache/pulsar/issues/18155#issuecomment-1287433265

   Dual license is not difficult we choose the one that is best for an Apache project.
   
   Regarding migration or not. Upgrading to 1.1.1r will handle two CVEs immediately.

