> From: 'Prasad, PCRaghavendra' via openssl-users <
openss...@openssl.org>
> Sent: Tuesday, 30 September, 2025 20:59
> But in OpenSSL 3.3.4, our blackduck tool is showing two versions one is 3.3.3 and another is 3.3.4
> libssl - 3.3.3
> libcrypto - 3.3.4
BlackDuck's version detection for components which are not managed by a package manager is heuristic and, in my experience, quite often wrong. This will be particularly true for newer releases. You can verify for yourself that your libssl is 3.3.4 (by examining your build and delivery processes) and override the library version detected by BD. Or raise this as an issue with BlackDuck.
I haven't looked at the 3.3.4 sources, but this is probably not an OpenSSL issue.
--
Michael Wojcik
================================
Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number:
+1 855.577.4323
Contact Customer Support:
https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport
Unsubscribe from Marketing Messages/Manage Your Subscription Preferences -
http://www.rocketsoftware.com/manage-your-email-preferences
Privacy Policy -
http://www.rocketsoftware.com/company/legal/privacy-policy
================================
This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you.