On Oct 25, 2022, The OpenSSL challenge introduced a forthcoming launch of OpenSSL (model 3.0.7) to deal with a essential safety vulnerability. The vulnerability is tracked as CVE-2022-3602 and impacts deployments of OpenSSL from 3.0.0 to three.0.6. It has since been decreased from “essential” to “excessive.” The discharge of model 3.0.7 went dwell on Tuesday, November 1, 2022.
There isn’t a present motion required of Amplitude clients. Maintaining our clients’ knowledge secure is our primary precedence, so we’re actively monitoring this concern and taking steps to mitigate it appropriately.
Amplitude providers usually are not impacted by the OpenSSL vulnerability. Whereas Amplitude providers usually are not at the moment impacted, now we have reached out to our related third-party distributors to find out their standing and impacts. We’ll proceed to observe in case new vulnerabilities are found or the scope adjustments, and if wanted, we’re ready to mitigate appropriately.
As we proceed to achieve an understanding of this vulnerability, the Amplitude staff will proceed to observe the standing of the vulnerability. We’ll preserve you knowledgeable of any developments by including onto this weblog put up.
We’re right here to assist. If in case you have further questions, please attain out to help.amplitude.com.
