Thanks for the response, both of you.
On Thu, Apr 10, 2014 at 4:30 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Andrew, > > On 4/8/14, 5:43 PM, Andrew Carr wrote: > > http://www.openssl.org/news/secadv_20140407.txt > > > > Hi Tomcat Devs, > > > > I have been on the dev list for a few years, and a tomcat developer > longer > > than that. While I haven't contributed yet, I was curious if this cve > > needs a contribution. As far as I can tell, if you recompile your native > > libs with the unaffected version of SSL, you will not be vulnerable to > this > > CVE. > > > > Is that assumption correct or does there need to be a change to tcnative? > > Technically, it's just a re-link, but it makes sense to push-out the > latest 1.1 branch code and call it 1.1.30 to reduce confusion and to get > a few useful features out to the world. > > -chris > > -- With Regards, Andrew Carr e. andrewlanec...@gmail.com w. andrew.c...@openlogic.com h. 4235255668 c. 4239489852 a. 101 Francis Drive, Greeneville, TN, 37743
