On 03/05/2016 16:27, Rémy Maucherat wrote: > 2016-05-03 16:53 GMT+02:00 Mark Thomas <[email protected]>: > >> Hi, >> >> OpenSSL have released the details of the security fixed in 1.0.2h. I've >> looked through them quickly and it looks like at least CVE-2016-2107 is >> applicable to Tomcat-Native. >> >> Given that I haven't got 9.0.x to the point where it is ready to release >> and that it is likely to take a couple more days to do that (mainly >> because of https://bz.apache.org/bugzilla/show_bug.cgi?id=59226), I >> propose to do the following: >> > Should I port the direct connection support to 8.5 ? It looks a bit hacky > but to be honest I don't want to do it "better", otherwise it will > instantly become a weird port multiplexing apparatus.
+1 I'm all in favour of keeping 9.0.x and 8.5.x as close as possible. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
