Release 1.11.33.2-beta security release.
Release 1.11.33.2 fixes one security issue. It is otherwise identical to the previous release (1.11.33.1). We recommend that all users upgrade to receive these fixes.
In versions between 1.8.31.2 and 1.11.33.1, PageSpeed was built with an SSL library that was vulnerable to the issues detailed in the May 3, 2016 security advisory ( https://www.openssl.org/news/secadv/20160503.txt ). We have updated our crypto library to fix these issues.
We recommend that all users upgrade. If this is not possible, however, the following workaround is available:
The OpenSSL vulnerability only applies if you have FetchHttps enabled and have configured PageSpeed to fetch HTTPS content over the open internet. Disabling FetchHttps will prevent these issues, but will also disable PageSpeed's optimizations for any content that must be fetched over HTTPS.
https://www.openssl.org/news/secadv/20160503.txt Update BoringSSL to pull in OpenSSL changes.
To install this update, see: https://developers.google.com/speed/pagespeed/module/build_ngx_pagespeed_from_source
The installation process remains the same, even if you've already installed a previous version.
Jeff Crowell
PageSpeed Team