The latest versions of OpenSSL, which appeared online yesterday and fix one vulnerability, were taken offline a day later due to a "severe regression". Matt Caswell of the OpenSSL Project Team announced the withdrawal. OpenSSL is one of the most widely used software libraries for encrypting internet connections.
For example, websites use it to encrypt traffic to and from visitors, but it is also used within all kinds of applications. Vulnerabilities in OpenSSL can have major consequences, as the Heartbleed vulnerability showed in the past. Yesterday OpenSSL released versions 1.1.1r and 3.0.6. These releases address a vulnerability (CVE-2022-3358) whose impact is rated as "low". In addition, several bugs have been fixed in both versions.
On the OpenSSL mailing list, Caswell announced that the project has decided to take versions 1.1.1r and 3.0.6 offline due to a "severe regression". As far as is known, this regression should not have any security implications. However, the investigation is still ongoing. Now that versions 1.1.1r and 3.0.6 have been taken offline, users are advised to continue using versions 3.0.5 and 1.1.1q for now. A new plan for the release of versions 3.0.7 and 1.1.1s will follow soon.
