OpenSSL vulnerability in NodeJS

Lutz · March 16, 2022, 11:18am

Hi,

is the current Pinegrow version affected by this vulnerability?

"The OpenSSL project announced this week that they will be releasing versions 3.0.2 and 1.1.1n on the 15th of March 2022 between 1300-1700 UTC. The releases will fix two security defects that are labelled as “HIGH” severity under their security policy.

Node.js v12.x, v14.x and v16.x use OpenSSL v1.1.1 and Node.js v17.x uses OpenSSL v3. Therefore all active release lines are impacted by this update."

Regards,

Lutz

RobM · March 16, 2022, 1:06pm

Hi @Lutz,
Thanks for notice! The version of NW.js that Pinegrow uses does incorporate Node.js v16.4.2. However, Pinegrow doesn’t directly use the OpenSSL package, so this shouldn’t be a concern. We will keep our eye on the Node.js blog!
Thanks,
Bob

Topic		Replies	Views
Pinegrow Live … General	3	137	January 18, 2023
[solved] Problem trying to install 7.92 Bug Reports	3	71	January 17, 2024
Pinegrow 7.x Known Issues Announcements	2	212	December 28, 2022
Python/Django or NodeJs Support Feature Request	1	892	February 15, 2024
Release log - The list of plugin releases Pinegrow WordPress Plugin	5	441	April 3, 2023

OpenSSL vulnerability in NodeJS

Related Topics