tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rémy Maucherat <r...@apache.org>
Subject Re: OpenSSL issues and release plans
Date Tue, 03 May 2016 16:37:09 GMT
2016-05-03 16:53 GMT+02:00 Mark Thomas <markt@apache.org>:

> Hi,
>
> OpenSSL have released the details of the security fixed in 1.0.2h. I've
> looked through them quickly and it looks like at least CVE-2016-2107 is
> applicable to Tomcat-Native.
>
> Given that I haven't got 9.0.x to the point where it is ready to release
> and that it is likely to take a couple more days to do that (mainly
> because of https://bz.apache.org/bugzilla/show_bug.cgi?id=59226), I
> propose to do the following:
>
> Update Tomcat-Native to reference 1.0.2h (possibly the only change since
> 1.2.6) and tag 1.2.7. I should be able to do that later today. By the
> time the release vote for that has finished, I should be in a position
> to tag 9.0.x and can pick up the new Tomcat-Native just before I tag.
>
> If all goes to plan, we should have a 9.0.x release around the middle of
> next week.
>
> +1 for the plan.

Rémy

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message