Security updates and apt-mark auto


I noticed that Cumulus 5.0.1 (Debian 10 / Buster) is not running the latest openssl

I can see the newer package is available if I do: apt-cache show openssl

If I do:
apt-mark auto openssl
apt-get install openssl

I get: “openssl set to manually installed”

Does Cumulus have a way to avoid security updates defined in /etc/apt/sources.list?

deb Index of /debian-security buster/updates main

Future versions of Cumulus Linux will address security vulnerabilities. It’s not recommended / supported for end users to update the packages that comprise Cumulus Linux other than through Cumulus Linux updates.