The OpenSSL project has disclosed two high-severity vulnerabilities (CVE-2022-3602 and CVE-2022-3786) affecting OpenSSL 3.0.x, addressed in the release of OpenSSL 3.0.7 on November 1st, 2022. Out of an abundance of caution, we will be performing expedited security maintenance to apply this update across all affected nodes on Friday, November 4th, 2022 between 2:00AM and 5:00AM EDT.
Our team has already reviewed our infrastructure and applied mitigations where applicable; this window completes the rollout of the patched OpenSSL packages and restarts the dependent services. The work takes advantage of our network's redundancy, and no further action is required on your part. The most you should witness are momentary periods of increased latency as services are restarted with the updated libraries.
We take security matters seriously and would rather act promptly than wait for our regular monthly window. If you have any questions or concerns, please contact us at support@xwebhosting.org.
Quarta-feira, Novembro 2, 2022
