✨ Announcing Render's $50M Series B. ✨

OpenSSL Patch

By Ed Ropple

Render takes your infrastructure problems away and gives you a battle-tested, powerful, and cost-effective cloud with an outstanding developer experience. Focus on building your apps, shipping fast, and delighting your customers, and leave your cloud infrastructure to us.

Security Announcement in Response to OpenSSL Patches

Render is aware of the patches released today for OpenSSL 3.0 (CVE-2022-3602 and CVE-2022-3786). Render services are not affected by these CVEs. This weekend we found that because this only impacts OpenSSL 3.0.X versions, our core services were not affected. Today the OpenSSL team released their update with full details.

In their update, they explained that they have downgraded the 1 ‘critical’ vulnerability to ‘high’ based on the limited ability, in practice, for exploitability. The primary method of exploitation would be for a vulnerable TLS client to connect to a malicious TLS server. Additionally, at least some versions of Linux do not contain the RCE at all. We will continue in our commitment to proper patching and we encourage everyone to do so as well. In this case, we are not affected.

For more information about these patches, refer to BleepingComputer’s article: ”OpenSSL fixes two high severity vulnerabilities, what you need to know

Ed Ropple

At the time of writing, Ed was a Developer Advocate at Render.

Subscribe to our newsletter for regular product updates.

Discover More

  1. How Render Scaled Knative to Support 100k+ Free-Tier Apps

    As Render free-tier apps exploded in popularity, we needed to make the feature much more scalable. This work was our first step along that path.

    - Hieu Nguyen

  2. Render design doc: Reducing Free-tier networking footprint

    An in-depth supplement for the post 'How Render scaled Knative to support 100k+ Free-tier apps'

    - Hieu Nguyen

  3. Deploy prebuilt Docker images to Render

    Render now supports deploying Docker images directly from your container registry.

    - Stephen Barlow

  4. Announcing Point-in-Time Recovery

    With Point-in-Time Recovery enabled for your Render PostgreSQL, if you and your team experience unexpected data loss, you can restore to a new database seeded with data from archiv…

    - Scott Numamoto