Skip to content

Support OpenSSL 3 / libssl3 on modern Linux Docker images #94

Description

@adubovykexternal-beep

Hi Aspose team,

We are using Aspose.Words for Python via .NET inside a Dockerized Python service and recently investigated several security findings reported by Snyk for our container image.

The main problem is that the current Aspose runtime still requires legacy native libraries, especially libssl1.1. Modern Linux base images such as Debian Bookworm / Ubuntu 22.04+ provide OpenSSL 3 via libssl3 and no longer ship libssl1.1 as a standard package.

Because of this, a clean migration to a modern Python/Linux base image is currently blocked.

What we tested:

  • Tried moving the image to a modern Python base image, for example python:3.13-slim-bookworm.
  • Installed modern system packages such as libssl3, libicu72, and libgdiplus.
  • Installed aspose-words.
  • A simple import aspose.words as aw can work in some cases, but the real runtime test fails when creating/saving a document unless the legacy native runtime stack is present.
  • When libssl1.1 is not available, the known error is:
No usable version of libssl was found

We can work around this by manually installing old packages such as libssl1.1 from older distro archives, but this is not a proper long-term solution. It also keeps triggering security findings because libssl1.1 is deprecated/EOL and no longer part of modern Linux distributions.

Expected behavior:

Aspose.Words for Python via .NET should work on modern Linux distributions and Docker base images using OpenSSL 3 / libssl3, without requiring manual installation of libssl1.1.

Why this matters:

  • Modern Python Docker images are based on OS versions that use OpenSSL 3.
  • libssl1.1 is no longer available in many supported distro repositories.
  • Security scanners flag libssl1.1 with critical/high vulnerabilities.
  • Installing old .deb packages from older distributions is not acceptable for many production environments.
  • This blocks us from properly remediating container security findings.

Could you please clarify:

  1. Is OpenSSL 3 / libssl3 support planned for Aspose.Words for Python via .NET?
  2. Is there an internal tracking ticket for this work?
  3. Is this dependent on upgrading the underlying .NET runtime used by Aspose?
  4. Is there any expected timeline or target release?
  5. What Linux base images are currently recommended for production Docker usage without relying on deprecated native packages?

Minimal reproduction example:

FROM python:3.13-slim-bookworm

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    libgdiplus \
    libssl3 \
    libicu72 \
 && rm -rf /var/lib/apt/lists/*

RUN pip install --no-cache-dir aspose-words

RUN python - <<'PY'
import aspose.words as aw

doc = aw.Document()
builder = aw.DocumentBuilder(doc)
builder.writeln("Aspose smoke test")
doc.save("/tmp/aspose-smoke-test.pdf")

print("Aspose DOCX/PDF smoke conversion OK")
PY

Current workaround:

Manually installing legacy libssl1.1 makes the runtime work, but this is not a clean security-compliant solution and cannot be considered a proper fix.

We would really appreciate official support for OpenSSL 3 / libssl3 so that Aspose.Words for Python via .NET can be used safely on modern Linux/Python Docker images.

Please note that we are already aware of the libssl1.1 workaround. The purpose of this issue is to ask for native OpenSSL 3 / libssl3 support, because the workaround does not solve the security/compliance problem.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions