Re: November release round

Tue, 01 Nov 2022 18:40:52 -0700 


> 2022年11月2日 00:19,Mark Thomas <ma...@apache.org> 写道:
> 
> I've just read the OpenSSL announcement. The issue has been downgraded to 
> critical but we are going to need to new Tomcat Native release. There are a 
> couple of stack overflow bugs in certificate verification so Tomcat could be 
> accepted via CLIENT-CERT.
> 
> Where are we on the migration tool. I haven't been following that closely. Is 
> the repo ready for a release?
Yes, I think it’s ready. ;)

Han
> 
> Mark
> 
> 
> On 25/10/2022 16:55, Rémy Maucherat wrote:
>> On Tue, Oct 25, 2022 at 5:52 PM Mark Thomas <ma...@apache.org> wrote:
>>> 
>>> Hi all,
>>> 
>>> I've just seen the heads up from the OpenSSL project that there will be
>>> a 3.0.7 release on 2022-12-01 that will address a critical
>>> vulnerability. We won't know the details of the vulnerability until the
>>> release announcement. Given that it may trigger a Tomcat Native release
>>> my current thinking is:
>>> 
>>> - prep for November releases as normal
>>> - review the OpenSSL issue once public
>>> - roll a Tomcat Native release if necessary
>>> - update to the new Tomcat Native release of there is one
>>> - roll the Tomcat releases
>>> 
>>> Do we want to pick up an updated migration tool as well?
>> Maybe, we're in the process of integrating a PR for the tool. The
>> submitter says it makes it run faster.
>> Rémy
>>> Mark
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org























					Reply via email to