Unclaimed project

Are you a maintainer of openssl? Claim this project to take control of your public changelog and roadmap.

Claim this project

Changelog

openssl

TLS/SSL and crypto library

openssl/openssl·

30k11kCApache-2.0

·Website

cryptographydecryptionencryptionopensslssltls

Last updated 6 days ago

Jan 27, 2026

OpenSSL 3.0.19 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. ([CVE-2025-68160])
Fixed Unauthenticated/unencrypt...

Read full release & details

OpenSSL 3.3.6 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID. ([CVE-2025-15468])
Fixed TLS 1.3 `Compressed...

Read full release & details

OpenSSL 3.4.4 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. ([CVE-2025-11187])
Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed NULL dereference in...

Read full release & details

OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. ([CVE-2025-11187])
Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed NULL dereference in...

Read full release & details

OpenSSL 3.6.1 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. ([CVE-2025-11187])
Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed NULL dereference in...

Read full release & details

More C Projects

scrcpy

Display and control your Android device

137.5k

netdata

The fastest path to AI-powered full stack observability, even for lean teams.

78.3k

redis

For developers, who are building real-time data-driven applications, Redis is the preferred, fastest, and most feature-rich cache, data structure server, and document and vector query engine.

73.6k

curl

A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features

41.1k

View all C projects →

Jan 27, 2026

OpenSSL 3.0.19 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes. ([CVE-2025-68160])
Fixed Unauthenticated/unencrypt...

Read full release & details

OpenSSL 3.3.6 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID. ([CVE-2025-15468])
Fixed TLS 1.3 `Compressed...

Read full release & details

OpenSSL 3.4.4 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. ([CVE-2025-11187])
Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed NULL dereference in...

Read full release & details

OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. ([CVE-2025-11187])
Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed NULL dereference in...

Read full release & details

OpenSSL 3.6.1 is a security patch release. The most severe CVE fixed in this release is High.

This release incorporates the following bug fixes and mitigations:

Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. ([CVE-2025-11187])
Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing. ([CVE-2025-15467])
Fixed NULL dereference in...

Read full release & details