All,
On 5/26/23 13:46, Christopher Schultz wrote:
Mark,
On 5/24/23 04:28, Mark Thomas wrote:
OpenSSL has just announced a security fix release for 30 May.
We won't know what the security issues are until then so my tentative
plan is to tag and release Native 1.2.x and 2.0.x on 31 May, release
Native 1.2.x and 2.0.x relatively quickly, update all Tomcat versions
to use the new Native versions and then start the June releases.
Thoughts?
Sounds good. I can set aside some time on Wednesday morning to roll
10.1.x and 8.5.x as well.
Having read the announcement, I don't think there is a particular rush
to get the June release out ASAP.
We bundle OpenSSL 1.1.1 with official Tomcat releases and the
announcement seems to indicate that 1.1.1 is even less affected than usual.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
