On Oct 25, 2022, The OpenSSL challenge introduced a forthcoming launch of OpenSSL (model 3.0.7) to handle a essential safety vulnerability. The vulnerability is tracked as CVE-2022-3602 and impacts deployments of OpenSSL from 3.0.0 to three.0.6. It has since been decreased from “essential” to “excessive.” The discharge of model 3.0.7 went stay on Tuesday, November 1, 2022.
There isn’t a present motion required of Amplitude prospects. Protecting our prospects’ knowledge secure is our primary precedence, so we’re actively monitoring this situation and taking steps to mitigate it appropriately.
Amplitude providers should not impacted by the OpenSSL vulnerability. Whereas Amplitude providers should not presently impacted, we have now reached out to our related third-party distributors to find out their standing and impacts. We are going to proceed to watch in case new vulnerabilities are found or the scope modifications, and if wanted, we’re ready to mitigate appropriately.
As we proceed to realize an understanding of this vulnerability, the Amplitude workforce will proceed to watch the standing of the vulnerability. We are going to maintain you knowledgeable of any developments by including onto this weblog put up.
We’re right here to assist. You probably have extra questions, please attain out to assist.amplitude.com.