tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Tagging 9.0.x and 8.5.x
Date Mon, 08 Jan 2018 09:31:03 GMT
2018-01-04 23:42 GMT+03:00 Mark Thomas <>:
> Hi all,
> It is the start of a new month and the open issue list looks to be clear
> so I'm planning on tagging 9.0.x and 8.5.x early next week.

Is there a need for a new Tomcat-Native build for Windows,
to update to OpenSSL 1.0.2n (released 2017-12-07).

Tomcat Native 1.2.16 (released 2017-11-20) is built with 1.0.2m,

Generally, I think that CVE-2017-3737 does not affect us, as I read it that it
relies on an application ignoring a fatal error from a handshake and
continuing to read data,
and I think that Tomcat won't ignore a fatal handshake error.

Best regards,
Konstantin Kolinko

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message