Open SSL vulnerability - version lower than 3.1.5

PaulB10000 · ‎2024-02-14

Hi,

The previous thread https://community.zoom.com/t5/Meetings/OpenSSL-Vulnerability-Zoom-Meetings-uses-old-version-3-1-1/m-... has been marked as closed.

Please advise if there is an updated Zoom installer version available that includes OpenSSL version 3.1.5 or above?

Please would you let us have an eta?

VA · ‎2024-02-23

@PaulB10000 The latest Zoom client utilizes security fixes addressed in OpenSSL 3.1.5 and is packaged with version 3.1.4. Since Microsoft Defender only detects OpenSSL 3.1.4 and not our custom fix, it outputs a warning. Once OpenSSL 3.1.5 is available as a stable release, Zoom plans to adopt this version into the Zoom apps and that change will be called out in our official release notes. Many thanks to @Bort for researching this internally.

Virginia
Zoom Community Team
Have you heard of Zoom AI Companion?

BizD3v · ‎2024-07-10

Virginia, thank you for the info--knowing you have a custom patch in place provides some peace of mind.
And 3.1.5 has been stable for months, 3.1.6 is now stable for over a month. Zoom has done major updates, moving us all to your workplace. But if it continues to be months to years behind (this issue has been around that long, going back in my experience to at least 3.1), I'm going to have to remove Zoom from all our client systems. It simply represents too much custom work for our security folks to constantly make exceptions for your software.
Is there any plan to actually address this?

nathian · ‎2024-05-07

Hi @VA Has there been any update on this one?

nathian · ‎2024-05-08

@Bort Please can you give anymore info on the above?

Thanks

Communication

Productivity

Apps & Integration

Spaces

Employee Engagement