Is Strapi 3 affected by the OpenSSl 3 vulnerability?

I got an email by Heroku which informs about a security issue with OpenSSL 3 to 3.0.6. Is Strapi 3 affected from that issue? If so, will there be a v3 update that fixes that issue?

I don’t think it’s STRAPI itself that is effected but rather the infrastructure you are using, or a commonly used nodeJS library that needs to be updated.

So this also then depends on how you are hosting your version :slight_smile:

I am not sure if it has authentication features, but if so, wouldn’t it be plausible to assume that Strapi3 ships with openssl? (I am not a developer…)

Strapi itself doesn’t ship with it.
The os it runs on, will :relaxed:

1 Like