OpenSSL Vulnerability - Zoom Meetings uses old version 3.1.1 | Community
Newcomer
November 26, 2023
Solved

OpenSSL Vulnerability - Zoom Meetings uses old version 3.1.1


I raised this on the dev forum hoping it would have reached the right set of eyes.

https://devforum.zoom.us/t/zoom-5-6-10-vulnerabilities-with-openssl-dll-need-version-3-1-5/98806/1


However, following a search, all prior reports of vulnerabilities have been placed within the Zoom Community.


Using Zoom Meetings Client 5.16.10 (26186), Microsoft Defender flags it as vulnerable to:

  • CVE-2023-4807, CVSS 6.2
  • CVE-2023-5363, CVSS 5.9
  • CVE-2023-3817, CVSS 3.7
  • CVE-2023-5678, CVSS 3.7

Install source: https://zoom.us/client/5.16.10.26186/ZoomInstallerFull.exe?archType=x64

Detected files
c:\program files\zoom\bin\libcrypto-3-zm.dll
c:\program files\zoom\bin\libssl-3-zm.dll
OpenSSL Version 3.1.1.0

Recommended course of action: upgrade to OpenSSL version 3.1.5 or 3.2.0.

Updating to 3.1.4 would still leave CVE-2023-5678


https://www.openssl.org/news/vulnerabilities.html

CVE-2023-4807, fixed in OpenSSL 3.1.3 (affected since 3.1.0)
Git commit: git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5

CVE-2023-5363, fixed in OpenSSL 3.1.4 (affected since 3.1.0)
Git commit: git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee

CVE-2023-3817, fixed in OpenSSL 3.1.2 (affected since 3.1.0)
Git commit: git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5

CVE-2023-5678, fixed in OpenSSL 3.1.5 (affected since 3.1.0)
Git commit: git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6

Best answer by Frank_TB

Hello,


Release notes for December 27, 2023


New and enhanced features

  • General features
    • Update to OpenSSL 3.1.4 - Linux, Android, iOS
      Due to the recently disclosed vulnerabilities with lower versions of OpenSSL, the Zoom client is updated to use OpenSSL 3.1.4. Depending on your network security configuration, you may also need to update your network infrastructure devices’ firmware.

      https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0073685

Regards,


If my reply helped, don't forget to click the accept as solution button!

32 replies

Newcomer
February 26, 2024

This isn't "solved", you just have a temporary workaround. Why does it keep getting marked solved?

Newcomer
February 28, 2024

I just have to post again, as this is NOT solved, and I know Virginia @VA11_2 advised the 3.1.5 CVE fixes were backported with @Borts's internal comms.

When this was originally raised, Zoom's implementation of OpenSSL was version 3.1.1 and there were 4x CVEs, with 3x of those fixed by upgrading the dependency to the released 3.1.4.
One of those CVEs required a backport: CVE-2023-5678, fixed in OpenSSL 3.1.5 (affected since 3.1.0).

OpenSSL 3.1.4 was pulled from 5.17.1 (28914) and was in turn released on January 8, 2024 with version 5.17.2 (29988).

As such, with @VA11_2's confirmation, this states that CVE-2023-5678 can be marked as backported in Zoom's OpenSSL 3.1.4 compilation.

The very next day after Zoom's 5.17.2, on the 9th of January, OpenSSL declared CVE-2023-6129, fixed in OpenSSL 3.1.5 (affected since 3.1.0).
On the 15th of January, CVE-2023-6237 was posted on OpenSSL's site along with a git commit, fixed in OpenSSL 3.1.5 (affected since 3.1.0).

Later, on the 25th of January, OpenSSL posted CVE-2024-0727, fixed in OpenSSL 3.1.5 (affected since 3.1.0).

As all 3x of these additional CVEs impacting 3.1.4 were declared AFTER the Zoom fix in the Zoom changelogs, and no further details were declared by Zoom in the changelogs, I feel the community's concerns about Zoom and their handling of this situation are entirely valid.

Based on the above, Zoom needs to make a statement of which CVEs were backported, and the simplest method would be to patch the OpenSSL version to 3.1.5, which was formally released on the 30th of January.

March 2024 now looms and with the amount of Zoom attention on both the Community Post and Development Post, a fix should be issued promptly.

The line in Zoom's February 26th release notes for version 5.17.10 (33775) does not include the 3x CVE git commits backported to 3.1.4, and why would you, when 3.1.5 was released the month prior.
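As an added example (not code from this thread, from Zoom or from OpenSSL), a small Python check that reads the OpenSSL version string embedded in a libcrypto build such as c:\program files\zoom\bin\libcrypto-3-zm.dll and lists which of the CVEs named in the original post and in this reply are unfixed according to upstream's fixed-in versions. It assumes the DLL keeps OpenSSL's standard "OpenSSL x.y.z date" text; a version-string check cannot see vendor backports, which is exactly the confirmation this reply asks Zoom for.

```python
import re
from pathlib import Path

# Upstream fixed-in versions as listed in this thread (OpenSSL 3.1.x branch).
# CVE-2024-2511 and CVE-2024-4603 appear later in the thread without a
# fixed-in version, so they are deliberately not in this table.
FIXED_IN = {
    "CVE-2023-3817": (3, 1, 2),
    "CVE-2023-4807": (3, 1, 3),
    "CVE-2023-5363": (3, 1, 4),
    "CVE-2023-5678": (3, 1, 5),
    "CVE-2023-6129": (3, 1, 5),
    "CVE-2023-6237": (3, 1, 5),
    "CVE-2024-0727": (3, 1, 5),
}

# libcrypto embeds OPENSSL_VERSION_TEXT, e.g. b"OpenSSL 3.1.1 30 May 2023".
# Assumption: Zoom's renamed libcrypto-3-zm.dll keeps that string intact.
VERSION_RE = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)")

def openssl_version_from_bytes(blob: bytes):
    """Return (major, minor, patch) of the first embedded version string, or None."""
    m = VERSION_RE.search(blob)
    return tuple(int(x) for x in m.groups()) if m else None

def openssl_version_from_file(path: str):
    return openssl_version_from_bytes(Path(path).read_bytes())

def unfixed_upstream(version):
    """CVEs whose upstream fix landed in a version newer than the embedded one.

    This only reflects what upstream fixed; a vendor may have backported a fix
    without bumping the version string, which this check cannot detect.
    """
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)

# Constructed stand-in for a DLL: a few bytes around the version text.
SAMPLE_DLL = b"MZ\x90\x00" + b"\x00" * 16 + b"OpenSSL 3.1.1 30 May 2023\x00" + b"\x00" * 8

if __name__ == "__main__":
    import sys
    blob = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE_DLL
    ver = openssl_version_from_bytes(blob)
    if ver is None:
        sys.exit("no OpenSSL version string found")
    print("OpenSSL version:", ".".join(map(str, ver)))
    for cve in unfixed_upstream(ver):
        print("  unfixed upstream:", cve, "fixed in", ".".join(map(str, FIXED_IN[cve])))
```

Run it against the real DLL path to check a given Zoom build; with no argument it runs over the constructed sample.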

Newcomer
March 8, 2024

Still no mention of OpenSSL 3.1.5 or greater in the release notes, nor a simple confirmation of which CVE code fixes have been backported to Zoom's 3.1.4 codebase.


March 8, 2024 version 5.17.11
New and enhanced features
Simplified AI Companion consent notifications for hosts
When the meeting host initiates the meeting summary or meeting questions features, they will no longer see the consent prompt, and instead will see a simple toast notification along the top of the meeting window, which will disappear after a few seconds. Other meeting participants will see the consent notification as a prompt along the top of the meeting window, but must acknowledge the prompt before it will disappear.
Resolved Issues
Minor bug fixes
Resolved an issue regarding the first session of a recurring meeting not syncing properly from Outlook

Newcomer
March 10, 2024

Confirmed Zoom Version 5.17.11 (34827) (64-bit) (8th March 2024) utilises the OpenSSL 3.1.4.

Newcomer
March 12, 2024

We're now on month 4 without any kind of clear and supported official communication about this. I get better service at the local McDonald's than I do from this company we're paying multiple 100s of thousands of dollars to each year, but not for long after this debacle.

Newcomer
April 19, 2024

We're now 5 months in, a whole new Zoom platform upgrade release up-versioned from 5.x to 6.0, and this still hasn't been fixed. Pathetic.

Newcomer
April 19, 2024

And now their planned upgrade of 3.1.15 has a vulnerability. Zoom will need to be updated to OpenSSL 3.3 or stop using OpenSSL altogether.

Newcomer
April 19, 2024

No matter what - their merge process for these libraries is clearly inadequate, you can't have a 6 month lead time every time you need to integrate a minor uprevision. The modern web runs on OpenSSL - they need to be in close lockstep in integrating their fixes at a much faster and continuous pace.

Newcomer
April 28, 2024

Updated to Version 6.0.4 (38135) (64-bit) and it is still OpenSSL 3.1.4 after a new CVE had triggered earlier in the month.
CVE-2024-2511 Unbounded memory growth with session handling in TLSv1.3

It really is not hard for the relevant Zoom employee to bookmark the OpenSSL dependency URL that lists CVEs, e.g. their /news/vulnerabilities.html page.

It has been 5 months, and we are still playing catch-up and Zoom clearly has no desire to get ahead and stay ahead.

Newcomer
May 1, 2024

The way this is going at some point Zoom will be hiring software engineers who weren't in college yet when these CVEs were disclosed while the issue remains unresolved.

Newcomer
May 21, 2024

Running Zoom 6.0.10.39647 and it's now OpenSSL 3.1.5.
Check the release notes for May 20, 2024, version 6.0.10 (39171).

Zoom has only got CVE-2024-4603 and CVE-2024-2511 against it now until they increase the dependency.

Newcomer
July 26, 2024

6.1.5 (build 43316) - still vulnerable to CVE-2024-2511