Hi Aspose team,
We are using Aspose.Words for Python via .NET inside a Dockerized Python service and recently investigated several security findings reported by Snyk for our container image.
The main problem is that the current Aspose runtime still requires legacy native libraries, especially libssl1.1. Modern Linux base images such as Debian Bookworm / Ubuntu 22.04+ provide OpenSSL 3 via libssl3 and no longer ship libssl1.1 as a standard package.
Because of this, a clean migration to a modern Python/Linux base image is currently blocked.
What we tested:
- Tried moving the image to a modern Python base image, for example
python:3.13-slim-bookworm.
- Installed modern system packages such as
libssl3, libicu72, and libgdiplus.
- Installed
aspose-words.
- A simple
import aspose.words as aw can work in some cases, but the real runtime test fails when creating/saving a document unless the legacy native runtime stack is present.
- When
libssl1.1 is not available, the known error is:
No usable version of libssl was found
We can work around this by manually installing old packages such as libssl1.1 from older distro archives, but this is not a proper long-term solution. It also keeps triggering security findings because libssl1.1 is deprecated/EOL and no longer part of modern Linux distributions.
Expected behavior:
Aspose.Words for Python via .NET should work on modern Linux distributions and Docker base images using OpenSSL 3 / libssl3, without requiring manual installation of libssl1.1.
Why this matters:
- Modern Python Docker images are based on OS versions that use OpenSSL 3.
libssl1.1 is no longer available in many supported distro repositories.
- Security scanners flag
libssl1.1 with critical/high vulnerabilities.
- Installing old
.deb packages from older distributions is not acceptable for many production environments.
- This blocks us from properly remediating container security findings.
Could you please clarify:
- Is OpenSSL 3 /
libssl3 support planned for Aspose.Words for Python via .NET?
- Is there an internal tracking ticket for this work?
- Is this dependent on upgrading the underlying .NET runtime used by Aspose?
- Is there any expected timeline or target release?
- What Linux base images are currently recommended for production Docker usage without relying on deprecated native packages?
Minimal reproduction example:
FROM python:3.13-slim-bookworm
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
libgdiplus \
libssl3 \
libicu72 \
&& rm -rf /var/lib/apt/lists/*
RUN pip install --no-cache-dir aspose-words
RUN python - <<'PY'
import aspose.words as aw
doc = aw.Document()
builder = aw.DocumentBuilder(doc)
builder.writeln("Aspose smoke test")
doc.save("/tmp/aspose-smoke-test.pdf")
print("Aspose DOCX/PDF smoke conversion OK")
PY
Current workaround:
Manually installing legacy libssl1.1 makes the runtime work, but this is not a clean security-compliant solution and cannot be considered a proper fix.
We would really appreciate official support for OpenSSL 3 / libssl3 so that Aspose.Words for Python via .NET can be used safely on modern Linux/Python Docker images.
Please note that we are already aware of the libssl1.1 workaround. The purpose of this issue is to ask for native OpenSSL 3 / libssl3 support, because the workaround does not solve the security/compliance problem.
Hi Aspose team,
We are using
Aspose.Words for Python via .NETinside a Dockerized Python service and recently investigated several security findings reported by Snyk for our container image.The main problem is that the current Aspose runtime still requires legacy native libraries, especially
libssl1.1. Modern Linux base images such as Debian Bookworm / Ubuntu 22.04+ provide OpenSSL 3 vialibssl3and no longer shiplibssl1.1as a standard package.Because of this, a clean migration to a modern Python/Linux base image is currently blocked.
What we tested:
python:3.13-slim-bookworm.libssl3,libicu72, andlibgdiplus.aspose-words.import aspose.words as awcan work in some cases, but the real runtime test fails when creating/saving a document unless the legacy native runtime stack is present.libssl1.1is not available, the known error is:We can work around this by manually installing old packages such as
libssl1.1from older distro archives, but this is not a proper long-term solution. It also keeps triggering security findings becauselibssl1.1is deprecated/EOL and no longer part of modern Linux distributions.Expected behavior:
Aspose.Words for Python via .NETshould work on modern Linux distributions and Docker base images using OpenSSL 3 /libssl3, without requiring manual installation oflibssl1.1.Why this matters:
libssl1.1is no longer available in many supported distro repositories.libssl1.1with critical/high vulnerabilities..debpackages from older distributions is not acceptable for many production environments.Could you please clarify:
libssl3support planned for Aspose.Words for Python via .NET?Minimal reproduction example:
Current workaround:
Manually installing legacy
libssl1.1makes the runtime work, but this is not a clean security-compliant solution and cannot be considered a proper fix.We would really appreciate official support for OpenSSL 3 /
libssl3so that Aspose.Words for Python via .NET can be used safely on modern Linux/Python Docker images.Please note that we are already aware of the
libssl1.1workaround. The purpose of this issue is to ask for native OpenSSL 3 / libssl3 support, because the workaround does not solve the security/compliance problem.