Statement Regarding OpenSSL Vulnerabilities 2022-11-01

The distributed Discourse image (used by both self-hosters and on our SaaS platform) uses Debian OpenSSL 1.1.1n-0+deb11u3 and is not vulnerable to OpenSSL’s CVE-2022-3786 and CVE-2022-3602.

More details on the vulnerability can be found at CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows - OpenSSL Blog.