Hi all,
OpenSSL has announced a 3.0.5 release is scheduled for tomorrow that
will include security fixes. Depending on the details of those fixes we
may need a 2.0.1 release. (And a 1.2.x release.)
We currently have 2 PMC votes for this release so we are 1 vote short.
There is an argument for proceeding with this release anyway (if it gets
another vote) - folks can always build 2.0.0 from source with their
chosen version of OpenSSL.
My current plan is wait to see if 2.0.0 gets any further votes and to
wait for the details of the OpenSSL security issues and then decide what
to do.
Mark
On 30/06/2022 14:58, Mark Thomas wrote:
This is the first release of the Tomcat Native 2.0.x branch. The major
differences compared to the 1.2.x branch are:
- JNI API has been reduced to just that required to support the use of
OpenSSL rather than JSSE for TLS connections. The APR/native connector
is not supported.
- The minimum supported versions have been increased to OpenSSL 3.0.x,
Apache APR 1.7.x, Java 11, Windows 7 / Server 2008 R2
The 2.0.x branch is primarily intended for use with Tomcat 10.1.x but
can be used with earlier versions as long as the APR/native connector is
not used.
The proposed release artefacts can be found at [1],
and the build was done using tag [2].
The Apache Tomcat Native 2.0.0 release is
[ ] Stable, go ahead and release
[ ] Broken because of ...
Thanks,
Mark
[1]
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/2.0.0
[2]
https://gitbox.apache.org/repos/asf?p=tomcat-native.git;a=commit;h=39c19afe4a3df7ea4fda778d82dc25bd494a110c
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
