Mark,
On 5/22/25 5:30 AM, Mark Thomas wrote:
All,
This isn't going to work for 3.5.x. We need to use a newer compiler than
the one packaged with Mladen's custom Microsoft compiler bundle.
I have been meaning to look at updating the Tomcat Native builds so we
can use a standard Visual Studio installation. I guess it is time to
spend some time looking at that.
IIRC, the biggest issue with building our native components for Windows
was getting the most basic version of the MSVCRT as the dependency so we
didn't have to distribute a copy of the actual version used during the
build.
Since we build a static DLL (which I know is a contradiction in terms),
does it matter which version of MSVCRT we actually use for the build? Or
Am I wrong about the whole reason we have a custom build environment in
the first place?
-chris
On 22/05/2025 08:13, Mark Thomas wrote:
All,
The last Tomcat Native releases were in July 2024. The Windows
binaries were built with 3.0.14.
There are some low severity CVEs in 3.0.14 that we don't believe apply
to Tomcat's usage of OpenSSL but that may trigger a security scanner.
There is a new OpenSSL LTS branch, 3.5.x, that includes support for
Post Quantum Cryptography.
I'd like to get a new round of Tomcat Native releases made where the
Windows binaries are built with 3.5.x.
My question is does this need a version bump? I'm thinking not as I'm
not planning on changing the minimum OpenSSL version and these are
convenience binaries.
Any objections?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
