Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Unverified Commit 915eda78 authored Oct 10, 2025 by Leona Maroni

mbedtls_2: mark as vulnerable because EOL

Mbed TLS 2 is no longer maintained [^1]. This is a security relevant
package, so we should inform our users that it might be vulnerable.

^1: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.10

parent e62cc622

pkgs/development/libraries/mbedtls/generic.nix

+3 −0

Original line number	Diff line number	Diff line
		@@ -72,5 +72,8 @@ stdenv.mkDerivation rec {
		];
		platforms = platforms.all;
		maintainers = with maintainers; [ raphaelr ];
		knownVulnerabilities = lib.optionals (lib.versionOlder version "3.0") [
		"Mbed TLS 2 is not maintained anymore. Please migrate to newer versions"
		];
		};
		}

Admin message