OpenSSL has just announced a security release next week. We won't know until then if any of the issues affect tomcat-native.
My current plan is not to delay the 9.0.x etc. tags for this. We can always make a new tomcat-native release if necessary. That said if the OpenSSL release drops before the tag we can easily pick it up if we need to. Mark
