News, events, thought leadership and more.

On Tuesday, November 1st, 2022, Alteryx became aware of two high severity vulnerabilities in OpenSSL security framework (CVE-2022-3602 & CVE-2022-3786), also known as “Spooky SSL.” These vulnerabilities were announced as a “Critical” severity rating but downgraded to “High” upon further analysis by OpenSSL. These CVEs are related to buffer overruns in the security certificate verification code, and more information can be found on the OpenSSL site


Patched Products


Release 2022.1.1.42590 Patch 3 has been released for:

  • Server 22.1+  
  • Designer 22.1+


Potentially Affected Products 


These products and versions include OpenSSL 3.0 and patches are in development:

  • Server FIPS 22.1+
  • Designer FIPS 22.1+


Products Confirmed as Not Impacted 


  • Designer builds up to and including version 21.4
  • Server builds up to and including version 21.4
  • Trifacta (on premises) AKA Designer Cloud (self-managed)
  • Google Cloud Data Prep
  • Designer Cloud Powered by Trifacta
  • Machine Learning
  • Intelligence Suite
  • Connect 
  • Alteryx Analytics Hub
  • Auto Insights
  • Promote
  • Metrics Store


Third Party Software


Third-party software may be impacted. If you downloaded tools such as database drivers or other management tools, please refer to those vendors for support and updates.

11 - Bolide

I just learnt that the patches were silently released so I hope the subscription feature can be extended to include modifications to the message that the thread started with.

9 - Comet



Is it possible for you to confirm exactly which version of 3.0 has been used for Alteryx v22.1 patch?


Is it possible to confirm the version of OpenSSL used in v21.4 and earlier.


Following the upgrade we are experiencing issues with SSL connections being refused by a system that we are told is fully up to date i.e. should have matching cypher suites etc. so any additional information on what has changed would be very useful.