Forum Discussion

ChrisGonzales's avatar
ChrisGonzales
New Contributor
2 years ago

Openssl vulnerability in GoTo Resolve Unattended and GoTo Resolve Desktop Console applications

Using latest client as of 1/4/2023 of GoTo Resolve Unattended (v1.13.1.2908) and GoTo Resolve Desktop Console (1.8.1.103), Microsoft Defender has found the following vulnerability related to these applications.

 

Openssl (Installed version: 3.0.8.0)

 

Software Evidence
File paths:


c:\program files (x86)\goto resolve unattended\3855658948394338372\libcrypto-3.dll
c:\program files (x86)\goto resolve unattended\3855658948394338372\libcrypto-3-x64.dll
c:\program files (x86)\goto resolve unattended\3855658948394338372\libssl-3.dll
c:\program files (x86)\goto resolve unattended\3855658948394338372\libssl-3-x64.dll
c:\program files\goto\goto resolve desktop console\libcrypto-3-x64.dll
c:\program files\goto\goto resolve desktop console\libssl-3-x64.dll

 

Will there be a new version released anytime soon that will help address this openssl vulnerability?

 

Please advise.

 

-Chris

3 Replies

Sort By
  • ChrisGonzales's avatar
    ChrisGonzales
    New Contributor
    2 years ago

    Hello Bhajdu,

     

    Do you have an update on the new GoTo Resolve Applet release that addresses this openssl vulnerability? Thank you.

     

    -Chris

  • bhajdu's avatar
    bhajdu
    GoTo Contributor
    2 years ago

    Dear Chris,

    We plan to release support for 3.0.12 by the end of January. This is the most up to date on the 3.0 branch, wich is the LTS version (supported until September, 2026).

    Please let me know if you have any further questions.

    Kind Regards,
    Balázs Hajdu
    Product Manager @  Goto Resolve

  • GlennD's avatar
    GlennD
    GoTo Manager
    2 years ago

    Hi ChrisGonzales, welcome to the community.

     

    We plan to update the OpenSSL version currently being used, I do not have an ETA just yet but I will update this topic when one is available.