[Security] Please keep the dependencies up to date

Server Version#: irrelevant
Player Version#: 1.108.1.307-dd5b87aa

The latest Windows Plex client comes with OpenSSL 3.1.1. :warning: This version has a critical vulnerability :warning:

Please keep all dependencies up-to-date, this is a pretty standard best-practice. It is a pity that software like Plex ships with CVEs from 2023…

What is worse: this has already been reported! Security software flags OpenSSL 3.1.1.0 as vulnerability in Plex Windows client

Regards

1 Like

You can update the SSL DLLs yourself if you like. Replace libssl-3-x64.dll and libcrypto-3-x64.dll inside the Plex player install folder with generic OpenSSL DLLs. (I have used OpenSSL for Microsoft Windows => 3.4.1 - works with Plex HTPC)

Of course, Plex should update them too.

1 Like

Just dropping in the new version of the DLL does not always work. If you want to go that route, I’d suggest keeping to the 3.1.x versions.

But that’s not the point. If they can’t bother keeping OpenSSL up-to-date, how can we trust them to implement any other secure coding practices?

Well, given the amount of replies from Plex staff, I’d say they don’t give a f*** about security :man_shrugging:

Always good to know…

1 Like
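
The DLL swap suggested above and the advice to stay within 3.1.x both depend on knowing which OpenSSL build an install folder actually contains. The following is an added example, not part of any post in this thread and not Plex code: a Python check that reads the version banner OpenSSL embeds in its library and compares it with a minimum you supply. The banner format, the placeholder minimum and the sample bytes are assumptions or constructed values; a DLL without a banner is reported as "unknown".

```python
import re
import tempfile
from pathlib import Path

# OpenSSL embeds a banner such as b"OpenSSL 3.1.1 30 May 2023" in libcrypto.
# Assumption: the vendor build keeps that standard banner text.
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)[a-z]* +\d{1,2} [A-Z][a-z]{2} \d{4}")
DLL_NAMES = ("libcrypto-3-x64.dll", "libssl-3-x64.dll")  # file names from the thread


def embedded_version(data):
    """Return (major, minor, patch) from the first banner in data, or None."""
    match = BANNER.search(data)
    return tuple(int(g) for g in match.groups()) if match else None


def audit_folder(folder, minimum):
    """Map each expected DLL to (version, status).

    status is "ok", "outdated", "unknown" (no banner found) or "missing".
    """
    report = {}
    for name in DLL_NAMES:
        path = Path(folder) / name
        if not path.is_file():
            report[name] = (None, "missing")
            continue
        version = embedded_version(path.read_bytes())
        if version is None:
            report[name] = (None, "unknown")
        else:
            status = "ok" if version >= tuple(minimum) else "outdated"
            report[name] = (version, status)
    return report


def same_series(installed, candidate):
    """True if a replacement keeps the same major.minor (e.g. 3.1.x to 3.1.x)."""
    return tuple(installed[:2]) == tuple(candidate[:2])


if __name__ == "__main__":
    # Constructed stand-in for an install folder; not real DLL contents.
    with tempfile.TemporaryDirectory() as folder:
        fake = b"\x00MZ\x00" + b"OpenSSL 3.1.1 30 May 2023" + b"\x00" * 8
        (Path(folder) / "libcrypto-3-x64.dll").write_bytes(fake)
        # (3, 1, 2) is a placeholder minimum; take the real one from the advisory.
        for name, result in audit_folder(folder, (3, 1, 2)).items():
            print(name, result)
```

Running `same_series` on the installed and candidate versions before a swap shows whether the replacement stays in the same major.minor series as the bundled build.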

I would appreciate an answer on this topic :-/

@rubenamorim maybe?
