14 DAY TRIAL // A new OpenSSL release has been announced for January 28, and it’s going to cover a couple of problems, one of which is going to be very important.
Until the Heartbleed vulnerability hit the entire Internet, the development of OpenSSL was sparse and in the hand of volunteers. After that problem, companies realized just how important it is to have projects like OpenSSL properly funded and maintained.
"The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2f, 1.0.1r. These releases will be made available on 28th January between approx. 1pm and 5pm (UTC). They will fix two security defects, one of 'high' severity affecting 1.0.2 releases, and one 'low' severity affecting all releases," developer Mark J Cox said on the official mailing list.
Mark also mentioned that support for 1.0.0 and 0.9.8 releases had ended on December 31, 2015, which means that upgrading to newer versions is now really important. The 1.0.1 version will be supported until December 31, 2016.
It’s interesting to see that the announcement for the updates comes with a so much in advance warning, but it’s probably done to make sure that people know that it is coming and they have time to make the changes.