Hi all,
I've just seen the heads up from the OpenSSL project that there will be
a 3.0.7 release on 2022-12-01 that will address a critical
vulnerability. We won't know the details of the vulnerability until the
release announcement. Given that it may trigger a Tomcat Native release
my current thinking is:
- prep for November releases as normal
- review the OpenSSL issue once public
- roll a Tomcat Native release if necessary
- update to the new Tomcat Native release of there is one
- roll the Tomcat releases
Do we want to pick up an updated migration tool as well?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org