On 12/05/2026 21:45, Rémy Maucherat wrote:
On Tue, May 12, 2026 at 6:07 PM Mark Thomas <[email protected]> wrote:
<snip/>
Given this change in circumstances, I think it is worth reconsidering how we approach security vulnerabilities and releases.
<snip/>
- Run some (which?) AI security scans on the Tomcat code base to try get ahead (unlikely) but at least keep up with anything an attacker could find.I plan to do that (sorry, I started with the javadoc instead ...). It is important to do it all the time, as soon as a more "capable" model is released (I'm not sure it is really more capable, but since they're all quite different they might catch different issues).
I'll see what I can enable in GitHub. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
