Analysis has confirmed that the relevant OpenSSL string operations have been used correctly and safely in EDK2.
Until further notice, the following versions of OpenSSL are appropriate to use within the EDK2 CryptoPkg:
- OpenSSL 1.1.1j, updated in the edk2-stable202105 stable tag
- OpenSSL 1.1.1n, updated in the edk2-stable202205 stable tag