The changelog states that they "fixed an an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (CVE-2019-1551)"
Sadly OpenSSL 1.0.2 will be EOL at the end of the year (sad for providers who still want to continue to support PHP 5.x). The OpenSSL team focuses in the development of version 3.0.
Sadly OpenSSL 1.0.2 will be EOL at the end of the year (sad for providers who still want to continue to support PHP 5.x). The OpenSSL team focuses in the development of version 3.0.