OpenSSL Win64 Installer Team
Patches for OpenSSL LTS x64 EXE
Windows
9 patches available
The OpenSSL Installation Project is dedicated to providing a simple installation of OpenSSL for Microsoft Windows. It is easy to set up and easy to use through the simple, effective installer. No need to compile anything or jump through any hoops: just click a few times and it is installed, leaving you to do real work.
OpenSSL LTS x64 EXE Version 3.5.5
Release Date
1/27/2026
Bug Fix?
Yes
Minor Release?
Yes
Patch Notes
Changes between 3.6.0 and 3.6.1 [27 Jan 2026]

Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
Severity: Moderate
Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification.
Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations.
Reported by: Stanislav Fort (Aisle Research) and Petr Šimecek (Aisle Research) and Hamza (Metadust)
(CVE-2025-11187)
Tomáš Mráz

Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing.
Severity: High
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.
Reported by: Stanislav Fort (Aisle Research)
(CVE-2025-15467)
Igor Ustinov

Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID.
Severity: Low
Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs.
Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service.
Reported by: Stanislav Fort (Aisle Research)
(CVE-2025-15468)
Stanislav Fort

Fixed openssl dgst one-shot codepath silently truncates inputs >16 MiB.
Severity: Low
Issue summary: The openssl dgst command-line tool silently truncates input data to 16 MiB when using one-shot signing algorithms and reports success instead of an error.
Impact summary: A user signing or verifying files larger than 16 MiB with one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the entire file is authenticated while trailing data beyond 16 MiB remains unauthenticated.
Reported by: Stanislav Fort (Aisle Research)
(CVE-2025-15469)
OpenSSL LTS x64 EXE Version 3.5.4
Release Date
9/30/2025
Bug Fix?
Yes
Minor Release?
Yes
Patch Notes
Changes between 3.5.3 and 3.5.4 [30 Sep 2025]

Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.
The issue was reported by Stanislav Fort (Aisle Research).
(CVE-2025-9230)
Viktor Dukhovni

Fix Timing side-channel in SM2 algorithm on 64 bit ARM
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms.
Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.
The issue was reported by Stanislav Fort (Aisle Research).
(CVE-2025-9231)
OpenSSL LTS x64 EXE Version 3.5.2
Release Date
8/5/2025
Bug Fix?
No
Minor Release?
Yes
Patch Notes
Changes between 3.5.1 and 3.5.2 [5 Aug 2025]

The FIPS provider now performs a PCT on key import for RSA, EC and ECX. This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
Dr Paul Dale
OpenSSL LTS x64 EXE Version 3.5.1
Release Date
7/1/2025
Bug Fix?
Yes
Minor Release?
Yes
Patch Notes
Release notes are not updated.
https://openssl-library.org/news/newslog/index.html
OpenSSL LTS x64 EXE Version 3.5.0
Release Date
4/9/2025
Bug Fix?
Yes
Minor Release?
Yes
Patch Notes
Release notes are not updated.
https://openssl-library.org/news/newslog/index.html
OpenSSL LTS x64 EXE Version 3.0.15
Release Date
10/22/2024
Bug Fix?
No
Minor Release?
No
Patch Notes
Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024]

OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this release is Moderate.

This release incorporates the following bug fixes and mitigations:
Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535)
OpenSSL LTS x64 EXE Version 3.0.13
Release Date
1/30/2024
Bug Fix?
Yes
Minor Release?
Yes
Patch Notes
No proper release notes found.

November 30, 2023 - OpenSSL 3.2 is available. Users should currently install a 3.x series and generally only need a Light edition. All application developers should have migrated their applications to use the OpenSSL 3.x series. Note that 3.0.x is a LTS release series while 3.2.x is not.
March 14, 2023 - OpenSSL 3.1 is available. Also, Happy Pi Day. Users should currently install a 1.1.1 series + a 3.x series for maximum application compatibility. All application developers should begin migrating their applications to use the OpenSSL 3.x series. Note that 3.0.x is a LTS release series while 3.1.x is not.
Refer: https://slproweb.com/products/Win32OpenSSL.html
OpenSSL LTS x64 EXE Version 3.0.12
Release Date
11/2/2023
Bug Fix?
Yes
Minor Release?
Yes
Patch Notes
No proper release notes found.

September 9, 2021 - OpenSSL 3.0 is available. Users should currently install a 1.1.1 series + a 3.0 series for maximum application compatibility. All application developers should begin migrating their applications to use OpenSSL 3.0 series. Experimental, tested ARM64 builds are now available. Most users only need to install OpenSSL Light editions. The full downloads for 3.0, which include the precompiled developer libraries and a bloated test suite, have nearly doubled in size from 1.1.1 series.

https://slproweb.com/products/Win32OpenSSL.html
OpenSSL LTS x64 EXE Version 3.0.11
Release Date
9/9/2021
Bug Fix?
Yes
Minor Release?
Yes
Patch Notes
No proper release notes found.

September 9, 2021 - OpenSSL 3.0 is available. Users should currently install a 1.1.1 series + a 3.0 series for maximum application compatibility. All application developers should begin migrating their applications to use OpenSSL 3.0 series. Experimental, tested ARM64 builds are now available. Most users only need to install OpenSSL Light editions. The full downloads for 3.0, which include the precompiled developer libraries and a bloated test suite, have nearly doubled in size from 1.1.1 series.

https://slproweb.com/products/Win32OpenSSL.html