Andrew, On 4/8/14, 5:43 PM, Andrew Carr wrote: > http://www.openssl.org/news/secadv_20140407.txt > > Hi Tomcat Devs, > > I have been on the dev list for a few years, and a tomcat developer longer > than that. While I haven't contributed yet, I was curious if this cve > needs a contribution. As far as I can tell, if you recompile your native > libs with the unaffected version of SSL, you will not be vulnerable to this > CVE. > > Is that assumption correct or does there need to be a change to tcnative?
Technically, it's just a re-link, but it makes sense to push-out the latest 1.1 branch code and call it 1.1.30 to reduce confusion and to get a few useful features out to the world. -chris
signature.asc
Description: OpenPGP digital signature
