Well depend a lot of your config. Even Tomcat 7.0.53 is vulnerable to heartbleed (fix release in progress with tc native)...but only if you use native. In summary if you dont use apr you are safe (jsse typically). Le 13 avr. 2014 23:10, "ihunter" <[email protected]> a écrit :
> Hi Folks, > > Sorry about this - we're having a dose of paranoia regarding HeartBleed. > > I *believe* that TomEE 1.6.0 comes with OpenSSL at version 1.0.1c. > > I don't know about our old installation Tomcat 6.0.35. > > Can someone please give me a definitive answer on what versions are > involved, and if we need to take any action on this HeartBleed thing. > > Many Thanks > Ian Hunter > > > > -- > View this message in context: > http://openejb.979440.n4.nabble.com/OpenSSL-Version-and-HeartBleed-tp4668702.html > Sent from the OpenEJB Dev mailing list archive at Nabble.com. >
