The OpenSSL project team recently announced the release of OpenSSL version 3.0.7 – a security fix for two HIGH severity vulnerabilities in OpenSSL 3.0.x: CVE-2022-3602 and CVE-2022-3786. With this release, which became available earlier today, November 1st, developers and organizations have been urged to prepare to patch any instances of OpenSSL 3.x that they have in their software stacks.
The good news is that this will only affect OpenSSL versions 3.0.0 through 3.0.6. Our investigation confirmed that none of the software powering Edgio’s platform (including legacy Limelight, Edgecast, and Layer0 edges) is affected by this vulnerability.
We will continue to monitor this evolving situation and share any additional updates as appropriate. If you have any questions or concerns, please do not hesitate to contact our support team or your client success representative.