Skip to main content
J
jw_CS14-Alexandrite
14-Alexandrite
February 2, 2026
Solved

Update Windchill Apache because of OpenSSL

  • February 2, 2026
  • 1 reply
  • 209 views

Version: Windchill 12.1

 

Use Case: Tips regarding OpenSSL Update


Description:

Hi

I have set Windchill version on 12.1, even if my question is probably valid for a whole range of other Windchill versions.
Last week there is released a new version of OpenSSL(3.6.1) because of 12 vulnerabilities. Since Windchill is delivered with Apache and thus OpenSSL. What is best way for updating.

If PTC is releasing a fix? If not what is best way to update Apache?

 

 

Best answer by mmeadows-3

There is no documented or supported method to manually update Windchill's Apache or OpenSSL.

https://www.ptc.com/en/support/article/CS381201

 

This article shows the OpenSSL and Apache versions per Windchill release.

https://www.ptc.com/en/support/article/CS331220

If you don't see the version you want, log a call with PTC and ask them when it will be supported.  Also ask them if the bug list you referenced has any bearing on OpenSSL 3.0.X versions.  It may be that 3.6.1 is fixing bugs introduced in versions greater than the 3.0.x stream.

 

According to PTC, the only way to get security fixes for Apache and OpenSSL is by patching Windchill.  So, if you do see the version you want, update Windchill to the latest maintenance patch.

https://www.ptc.com/en/support/article/CS422246

 

1 reply

M
mmeadows-316-PearlAnswer
16-Pearl
February 2, 2026

There is no documented or supported method to manually update Windchill's Apache or OpenSSL.

https://www.ptc.com/en/support/article/CS381201

 

This article shows the OpenSSL and Apache versions per Windchill release.

https://www.ptc.com/en/support/article/CS331220

If you don't see the version you want, log a call with PTC and ask them when it will be supported.  Also ask them if the bug list you referenced has any bearing on OpenSSL 3.0.X versions.  It may be that 3.6.1 is fixing bugs introduced in versions greater than the 3.0.x stream.

 

According to PTC, the only way to get security fixes for Apache and OpenSSL is by patching Windchill.  So, if you do see the version you want, update Windchill to the latest maintenance patch.

https://www.ptc.com/en/support/article/CS422246

 

    avillanueva
    23-Emerald I
    avillanueva23-Emerald I
    23-Emerald I
    February 2, 2026

    @mmeadows-3 is right. I would also note that OpenSSL 3.0 is a LTS release which is why it appears to remain the one they deploy. This is similar to PTC releases. It is possible for you to deploy your own webserver to whatever version you want and not use the PTC supplied one. Curious is the CVEs fixed in 3.6.1 are back ported to 3.0.x.

    J
    jw_CS14-AlexandriteAuthor
    14-Alexandrite
    February 2, 2026

    They Did already

    jw_CS_0-1770034861442.png

    There is a new release of every version of the series (https://openssl-library.org/source/)

    But why 3.0.x and not 3.5.x?

    Terms & ConditionsCookie settingsAccessibility statement