CVE-2022-3602 - OpenSSL

[Josh Levitsky]

A couple of customers have asked about https://nvd.nist.gov/vuln/detail/CVE-2022-3602 that was disclosed yesterday. We had been waiting for the update to be available in order to roll it in to FileWave. As previously mentioned, the current release plan is for FileWave 14.9.0 to go next week to the first customers, and the following week to everyone else. The time between now and next week is needed for QA to ensure that there are no critical bugs that slip through. 

 

[Josh Levitsky]

As an update we are still on schedule for the first customers to get 14.9.0 on Wednesday next week. An email will be going out to them as soon as the KB articles are live. This KB + Emails are planned for Monday (Nov 7th) morning. You'd only see an email if you are in that first round. The wider release is planned for the beginning of the week after. 

[Josh Levitsky]

Our plan of releasing more widely tomorrow (November 15th) is being pushed back by 1 day to confirm if behavior in 14.9.0 is a bug or specific to a customer. We are in the midst of troubleshooting so need to push back by at least 1 day as we'd not want to release knowing there was an issue.