tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Tagging 9.0.x and 8.5.x
Date Mon, 08 Jan 2018 09:31:03 GMT
2018-01-04 23:42 GMT+03:00 Mark Thomas <markt@apache.org>:
> Hi all,
>
> It is the start of a new month and the open issue list looks to be clear
> so I'm planning on tagging 9.0.x and 8.5.x early next week.

Is there a need for a new Tomcat-Native build for Windows,
to update to OpenSSL 1.0.2n (released 2017-12-07).

Tomcat Native 1.2.16 (released 2017-11-20) is built with 1.0.2m,

https://www.openssl.org/news/newslog.html

Generally, I think that CVE-2017-3737 does not affect us, as I read it that it
relies on an application ignoring a fatal error from a handshake and
continuing to read data,
and I think that Tomcat won't ignore a fatal handshake error.


Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message