DataDog Agent v7.50.0 still contains OpenSSL 3.0.8 dll's with known vulnerabilties

[RoelofRoelofsen]

In the release notes (security notes) of version 7.50.0 I found updated OpenSSL from 3.0.11 to 3.0.12.

MIcrosoft Defender still found OpenSSL dll's with version 3.0.8 with known vulnerabilties in the DataDog Agent application folders (C:\Program Files\Datadog\Datadog Agent\embedded3\Lib\site-packages\confluent_kafka.libs).

[toucheDD]

This is still not fixed in newest versions. 7.52.1 nor 7.53.0?
Is it even being considered to be fixed?

[smerkx]

Also not fixed in 7.54.0. Defender alerts on:
3.0.13.0:
c:\program files\datadog\datadog agent\embedded3\dlls\libcrypto-3.dll
c:\program files\datadog\datadog agent\embedded3\dlls\libssl-3.dll

3.0.8.0:
c:\program files\datadog\datadog agent\embedded3\lib\site-packages\confluent_kafka.libs\libcrypto-3-x64-635e87f2c9173c8128924a94337627b3.dll
c:\program files\datadog\datadog agent\embedded3\lib\site-packages\confluent_kafka.libs\libssl-3-x64-a0018292260ae8557aa3cd7db7d50307.dll

[smerkx]

Release notes for 7.56.0 say:
Security Notes:

• updating openssl to 3.0.14 to address CVE-2024-4741

Updated all agents to 7.56.0, but that still installs openssl 3.0.13 dlls in c:\program files\datadog\datadog agent\embedded3\dlls