2014-04-08 11:56 GMT+04:00 Mladen Turk <mt...@apache.org>: > Hi, > > I plan to tag JK 1.2.40 pretty soon (probably end of this week) > We have few bugs in the latest release which requires a new version.
+1 There is also a need for a tc-native build, due to security issue in OpenSSL https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 I cannot test this now, but from reading the FAQ at http://heartbleed.com/ there are good chances that the current build of TC-Native (and included with windows versions of TC8, TC7 etc) is vulnerable. There should be no need for this TLS extension protocol, but apparently it is enabled by default. A test tool: https://github.com/FiloSottile/Heartbleed A discussion of this security issue: http://security.stackexchange.com/questions/55076/what-should-one-do-about-the-heartbleed-openssl-exploit Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
