On Tue, Oct 25, 2022 at 5:52 PM Mark Thomas <ma...@apache.org> wrote: > > Hi all, > > I've just seen the heads up from the OpenSSL project that there will be > a 3.0.7 release on 2022-12-01 that will address a critical > vulnerability. We won't know the details of the vulnerability until the > release announcement. Given that it may trigger a Tomcat Native release > my current thinking is: > > - prep for November releases as normal > - review the OpenSSL issue once public > - roll a Tomcat Native release if necessary > - update to the new Tomcat Native release of there is one > - roll the Tomcat releases > > Do we want to pick up an updated migration tool as well?
Maybe, we're in the process of integrating a PR for the tool. The submitter says it makes it run faster. Rémy > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
