2015-12-04 12:42 GMT+01:00 Mark Thomas <ma...@apache.org>: > Give the recent OpenSSL vulnerability announcements [1], I was planning > on starting a tomcat-native 1.2.3 release to provide an updated Windows > binary. > > There are a few fixes in trunk since 1.2.2. I'll get the changelog updated. >
Sorry, I guess everyone forgot there's a changelog there as well. > > I'm currently planning on tagging this on Tuesday 8th Dec. We can > probably afford to wait a couple of days if anyone wants to get anything > else into a 1.2.3 release. > > On a related topic, what are people's views on switching 6.0.x, 7.0.x > and 8.0.x to 1.2.x rather than 1.1.x? > > I am investigating an issue where SSL.getPeerCertificate always returns null (for whatever reason), which may need some fixes, so it's not certain renegotiation works at the moment (although it looks like it). Hopefully this will be sorted out to be included in the tag. About forcing an update to 1.2.x for all branches, I'm not convinced at the moment. Rémy
