On 01/06/2010 01:21 AM, Konstantin Kolinko wrote:
2010/1/5 Mladen Turk<mt...@apache.org>:
Hi,
Native 1.1.19 is available for testing.
Compared with 1.1.18 It has minor versioning fix and allows building against
OpenSSL 1.0 (well Rainer beat me before the tag :)
If you want to take a look, the final source distribution can be
downloaded from:
http://tomcat.apache.org/dev/dist/tomcat-connectors/native/source/1.1.19
(until synced the builds are available at)
http://people.apache.org/~mturk/native/source/1.1.19
Win32/Win64 binaries will be available at:
http://tomcat.apache.org/dev/dist/tomcat-connectors/native/binaries/
So here's the vote.
It will be closed in about 72 hours
(or sooner if enough votes are encountered)
Apache Tomcat Native 1.1.19 is:
[ ] Stable - no major issues, no regressions
[ ] Beta - at least one significant issue -- tell us what it is
[ ] Alpha - multiple significant issues -- tell us what they are
Regards
--
^TM
I see that the Windows binaries are built with OpenSSL 0.9.8k:
( 1) "openssl.exe version" prints that number,
2) looking for "0.9.8" string inside the DLLs I see that number.)
Wasn't it supposed to be 0.9.8l ?
Nope. 0.9.8l is broken, so we switched back to 0.9.8k
You might check the OpenSSL dev archive (and our own about
that subject)
We have a patch in 1.1.18 that fully covers the CVE-2009-3955
like in mod_ssl.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
