Closed
Description
Forthcoming OpenSSL releases
============================
The OpenSSL project team would like to announce the forthcoming release
of OpenSSL versions 1.0.2l and 1.1.0f.
These releases will be made available on 25th May 2017 between
approximately 1200-1600 UTC.
Note: These are bug-fix only releases. No security defects are addressed
in these releases.
Please also note that, as per our previous announcements, support for
1.0.1 ended on 31st December 2016.
"These are bug-fix only releases" i.e. I don't believe we'll be rushing anything here, nor does there appear to be a need for an announcement on this (unless somehow this release makes a bit of noise that is unsettling to some just because it's OpenSSL and that's unsettling in itself). So I imagine we'll just be seeing this slot in as a normal dependency upgrade across our active release lines which are all on 1.0.2.
@nodejs/security @nodejs/security-wg — if there are any alternative ideas on policy or procedure on this one please let us know.