Am 03.05.2016 um 16:53 schrieb Mark Thomas:
Hi,
OpenSSL have released the details of the security fixed in 1.0.2h. I've
looked through them quickly and it looks like at least CVE-2016-2107 is
applicable to Tomcat-Native.
Given that I haven't got 9.0.x to the point where it is ready to release
and that it is likely to take a couple more days to do that (mainly
because of https://bz.apache.org/bugzilla/show_bug.cgi?id=59226), I
propose to do the following:
Update Tomcat-Native to reference 1.0.2h (possibly the only change since
1.2.6) and tag 1.2.7. I should be able to do that later today. By the
time the release vote for that has finished, I should be in a position
to tag 9.0.x and can pick up the new Tomcat-Native just before I tag.
+1
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
