Upgrade openssl 3.3.7 → 3.5.6 LTS (3.3 stream EOL 2026-04)
Is your feature request related to a problem? Please describe.
openssl (in SPECS/openssl/openssl.spec) is at 3.3.7 on the 3.3 release stream.
- 🔴
3.3 reached EOL 2026-04-09.
- Newer upstream releases: 4
- Latest upstream release: 4.0.0 (stream
4.0)
- Reference: https://endoflife.date/openssl (checked 2026-04-24)
Describe the solution you'd like
Upgrade openssl to 3.5.6 (3.5 LTS).
Describe alternatives you've considered
- Stay on
3.3, assume security maintenance (support ended 2026-04-09).
- Retire the
openssl package.
Additional context
Newer upstream releases:
| Stream |
LTS? |
Latest release |
Status |
Active support ends |
EOL |
3.4 |
|
3.4.5 |
🟢 supported |
— |
2026-10-22 |
3.5 |
⭐ LTS |
3.5.6 |
🟢 supported |
— |
2030-04-08 |
3.6 |
|
3.6.2 |
🟢 supported |
— |
2026-11-01 |
4.0 |
|
4.0.0 |
🟢 supported |
— |
2027-05-14 |
Related work in this repo
Upgrade openssl 3.3.7 → 3.5.6 LTS (3.3 stream EOL 2026-04)
Is your feature request related to a problem? Please describe.
openssl(inSPECS/openssl/openssl.spec) is at 3.3.7 on the3.3release stream.3.3reached EOL 2026-04-09.4.0)Describe the solution you'd like
Upgrade
opensslto 3.5.6 (3.5LTS).Describe alternatives you've considered
3.3, assume security maintenance (support ended 2026-04-09).opensslpackage.Additional context
Newer upstream releases:
3.43.4.53.53.5.63.63.6.24.04.0.0Related work in this repo
grypeagainstmcr.microsoft.com/azurelinux/base/core:3.0— concrete external CVE pressure on the EOL3.3stream.core:3.0flagging additional security findings on the same base image.opensslfor multiple Null Deref - branch main #16824 (open, AUTO-CHERRYPICK of Patchopensslfor multiple Null Deref #16761) and PR [AUTOPATCHER-CORE] Upgrade openssl to 3.3.6 security updates #15590 (open, autopatcher to 3.3.6) keep patching within the now-EOL3.3stream. Each new upstream CVE will require the same downstream backport effort until we move to a supported stream.