From 3c88786bb0d2c10a04ab991472224aa492d15aee Mon Sep 17 00:00:00 2001
From: Bart <bthomee@users.noreply.github.com>
Date: Fri, 10 Oct 2025 10:18:24 -0400
Subject: [PATCH 1/2] refactor: Downgrades OpenSSL to 3.5.4 (#5878)

This change downgrades OpenSSL 3.6.0 to 3.5.4. To avoid potential zero-day issues in a new major version of OpenSSL, 3.6.0, it is safer to stick with 3.5.4. While 3.6.0 has some nice new features, such as improved SHA512 hashing, it also introduces new features that could contain bugs. In contrast, 3.5.4 has seen quite a few bug fixes over 3.5.0 and has been used in the wild for a while now.
---
 conan.lock   | 2 +-
 conanfile.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/conan.lock b/conan.lock
index 9f52c606a7..cb25777423 100644
--- a/conan.lock
+++ b/conan.lock
@@ -9,7 +9,7 @@
         "rocksdb/10.0.1#85537f46e538974d67da0c3977de48ac%1756234304.347",
         "re2/20230301#dfd6e2bf050eb90ddd8729cfb4c844a4%1756234257.976",
         "protobuf/3.21.12#d927114e28de9f4691a6bbcdd9a529d1%1756234251.614",
-        "openssl/3.6.0#89e8af1d4a21afcac0557079d23d8890%1759746682.365",
+        "openssl/3.5.4#a1d5835cc6ed5c5b8f3cd5b9b5d24205%1759746684.671",
         "nudb/2.0.9#c62cfd501e57055a7e0d8ee3d5e5427d%1756234237.107",
         "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504%1756234228.999",
         "libiconv/1.17#1e65319e945f2d31941a9d28cc13c058%1756223727.64",
diff --git a/conanfile.py b/conanfile.py
index 4cd9bd3c5a..7f8ab24fbd 100644
--- a/conanfile.py
+++ b/conanfile.py
@@ -27,7 +27,7 @@ class Xrpl(ConanFile):
         'grpc/1.50.1',
         'libarchive/3.8.1',
         'nudb/2.0.9',
-        'openssl/3.6.0',
+        'openssl/3.5.4',
         'soci/4.0.3',
         'zlib/1.3.1',
     ]

From 8456b8275e9d0491be77e2c59c831bdabab27510 Mon Sep 17 00:00:00 2001
From: Bart <bthomee@users.noreply.github.com>
Date: Fri, 10 Oct 2025 12:22:42 -0400
Subject: [PATCH 2/2] chore: Add wildcard to support triggering for release
 pipelines (#5879)

This change adds a wildcard to the release branch in the CI pipeline spec. Namely, after adopting an improved release process, with release branches that now look like release-X.Y, the trigger pipeline was no longer running as it only searched for an exact match to release.
---
 .github/workflows/on-trigger.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/on-trigger.yml b/.github/workflows/on-trigger.yml
index b06d475a4d..9d2ea81520 100644
--- a/.github/workflows/on-trigger.yml
+++ b/.github/workflows/on-trigger.yml
@@ -9,9 +9,9 @@ name: Trigger
 on:
   push:
     branches:
-      - develop
-      - release
-      - master
+      - "develop"
+      - "release*"
+      - "master"
     paths:
       # These paths are unique to `on-trigger.yml`.
       - ".github/workflows/reusable-check-missing-commits.yml"