openssl security release 1.1.1g - vulnerability HIGH

[sam-github]

Until the OpenSSL release occurs, we won't know if the issue affects Node.js or not.

---

https://mta.openssl.org/pipermail/openssl-announce/2020-April/000170.html

The OpenSSL project team would like to announce the forthcoming release
of OpenSSL version 1.1.1g.

This release will be made available on Tuesday 21st April 2020 between
1300-1700 UTC.

OpenSSL 1.1.g is a security-fix release. The highest severity issue
fixed in this release is HIGH:
https://www.openssl.org/policies/secpolicy.html#high

Yours

The OpenSSL Project Team

[sam-github]

@hassaanp offered to do the openssl update.

[sam-github]

Next TSC meeting will be right after the openssl release, Node.js impact can be discussed then.

public announcement: nodejs/nodejs.org#3113

[sam-github]

@nodejs/releasers Calling for volunteer/volunteers!

Its not known if sec releases will be required yet, but if they are, and need to be expedited, we'll need someone to do the releases.

Affected release lines will be all those currently supported: 10,12,13,14

[targos]

I can do 13 and/or 12

[sam-github]

https://www.openssl.org/news/secadv/20200421.txt is the sec issue addressed