On 04/12/2015 12:38, Rémy Maucherat wrote: > 2015-12-04 12:42 GMT+01:00 Mark Thomas <ma...@apache.org>: > >> Give the recent OpenSSL vulnerability announcements [1], I was planning >> on starting a tomcat-native 1.2.3 release to provide an updated Windows >> binary. >> >> There are a few fixes in trunk since 1.2.2. I'll get the changelog updated. >> > > Sorry, I guess everyone forgot there's a changelog there as well.
No problem. >> I'm currently planning on tagging this on Tuesday 8th Dec. We can >> probably afford to wait a couple of days if anyone wants to get anything >> else into a 1.2.3 release. >> >> On a related topic, what are people's views on switching 6.0.x, 7.0.x >> and 8.0.x to 1.2.x rather than 1.1.x? >> > I am investigating an issue where SSL.getPeerCertificate always returns > null (for whatever reason), which may need some fixes, so it's not certain > renegotiation works at the moment (although it looks like it). Hopefully > this will be sorted out to be included in the tag. I'm happy to wait if necessary. > About forcing an update to 1.2.x for all branches, I'm not convinced at the > moment. I'm just trying to avoid having to release 1.1.x and 1.2.x. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org