On Wed, Nov 2, 2022 at 2:40 AM Han Li <li...@apache.org> wrote: > > > > > 2022年11月2日 00:19,Mark Thomas <ma...@apache.org> 写道: > > > > I've just read the OpenSSL announcement. The issue has been downgraded to > > critical but we are going to need to new Tomcat Native release. There are a > > couple of stack overflow bugs in certificate verification so Tomcat could > > be accepted via CLIENT-CERT. > > > > Where are we on the migration tool. I haven't been following that closely. > > Is the repo ready for a release? > Yes, I think it’s ready. ;)
+1 Remy > Han > > > > Mark > > > > > > On 25/10/2022 16:55, Rémy Maucherat wrote: > >> On Tue, Oct 25, 2022 at 5:52 PM Mark Thomas <ma...@apache.org> wrote: > >>> > >>> Hi all, > >>> > >>> I've just seen the heads up from the OpenSSL project that there will be > >>> a 3.0.7 release on 2022-12-01 that will address a critical > >>> vulnerability. We won't know the details of the vulnerability until the > >>> release announcement. Given that it may trigger a Tomcat Native release > >>> my current thinking is: > >>> > >>> - prep for November releases as normal > >>> - review the OpenSSL issue once public > >>> - roll a Tomcat Native release if necessary > >>> - update to the new Tomcat Native release of there is one > >>> - roll the Tomcat releases > >>> > >>> Do we want to pick up an updated migration tool as well? > >> Maybe, we're in the process of integrating a PR for the tool. The > >> submitter says it makes it run faster. > >> Rémy > >>> Mark > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > >>> For additional commands, e-mail: dev-h...@tomcat.apache.org > >>> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: dev-h...@tomcat.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org