Hi in ......\framework\runtime\ds\bin\ the openssl.exe file is v1.1.1s which went End of Life in September 2023 therefore flagged as a high risk by our scans.
I logged a call with Esri(UK) about this about this, but just got redirected to the Esri Security site.
Has anyone else had this issue?
What are peoples' thoughts about simply replacing it with the version that ships with 11.3 (openssl version 3.0.13)
Won't a official response from Esri be more valuable than other people's thought regarding a vulnerability? You can use it as an official justification for IT.
I have had very quick responses from them, so like Esri UK recommended, you should report it, if you haven't already Report a Security or Privacy Concern .
