Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
general:openssl3 [2022/11/01 18:34] emrgeneral:openssl3 [2022/11/02 12:36] anh
Line 1: Line 1:
-====== Stages and OpenSSL 3.x Vulnerability CVE-2022-3358 ====== +====== Stages and OpenSSL 3.x Vulnerabilities CVE-2022-3602, CVE-2022-3786 ======
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted.</font> +
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>On premise Stages installations are not impacted, unless all of the following conditions apply:</font>+
  
-​​​​​​​ <font 11pt/Calibri,sans-serif;;inherit;;inherit>OpenSSL 3.0.0 - 3.0.5 is installed on your operating systemYou can check by executing "openssl version" on the command line.</font>+The Stages managed services *.stages.digital and *.stagesasaservice.com are not impacted.
  
-​​​​​​​ <font 11pt/Calibri,sans-serif;;inherit;;inherit>OpenSSL usage is explicitly enabled by removing the comments around</font> +On premise Stages installations are not impactedunless the following conditions apply: 
- <font 11pt/Consolas;;black;;inherit><!– <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> ></font \\ + 
- <font 11pt/Calibri,sans-serif;;inherit;;inherit>in …/conf/server.xmlThe default configuration uses the Java SSL implementationwhich is not vulnerable.</font>+  * OpenSSL 3.0.0 3.0.6 is installed on your operating system. You can check by executing "openssl version" on the command line. 
 +  * OpenSSL usage is explicitly enabled by configuring an SSL Connector and removing the comments around the following configuration line in …/conf/server.xml. The default configuration uses the Java SSL implementation, which is not vulnerable. 
 + 
 +<code> 
 +<!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> --> 
 + 
 +</code
 + 
 +If you are using a reverse proxy in front of Stages (e.g. Apache Server)please also check whether it is configured with one of the affected OpenSSL versions (3.0.0-3.0.6) and if this is the caseinstall the newest version.