This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
On Tuesday, November 1st, 2022, Alteryx became aware of two high severity vulnerabilities in OpenSSL security framework (CVE-2022-3602 & CVE-2022-3786), also known as “Spooky SSL.” These vulnerabilities were announced as a “Critical” severity rating but downgraded to “High” upon further analysis by OpenSSL. These CVEs are related to buffer overruns in the security certificate verification code, and more information can be found on the OpenSSL site.
Release 2022.1.1.42590 Patch 3 has been released for:
Potentially Affected Products
These products and versions include OpenSSL 3.0 and patches are in development:
Server FIPS 22.1+
Designer FIPS 22.1+
Products Confirmed as Not Impacted
Designer builds up to and including version 21.4
Server builds up to and including version 21.4
Trifacta (on premises) AKA Designer Cloud (self-managed)
Google Cloud Data Prep
Designer Cloud Powered by Trifacta
Alteryx Analytics Hub
Third Party Software
Third-party software may be impacted. If you downloaded tools such as database drivers or other management tools, please refer to those vendors for support and updates.