tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rémy Maucherat <>
Subject Re: OpenSSL issues and release plans
Date Tue, 03 May 2016 15:27:20 GMT
2016-05-03 16:53 GMT+02:00 Mark Thomas <>:

> Hi,
> OpenSSL have released the details of the security fixed in 1.0.2h. I've
> looked through them quickly and it looks like at least CVE-2016-2107 is
> applicable to Tomcat-Native.
> Given that I haven't got 9.0.x to the point where it is ready to release
> and that it is likely to take a couple more days to do that (mainly
> because of, I
> propose to do the following:
> Should I port the direct connection support to 8.5 ? It looks a bit hacky
but to be honest I don't want to do it "better", otherwise it will
instantly become a weird port multiplexing apparatus.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message