1.6.0.2 did not pass the VOTE so it's still time to upgrade the Tomcat dependencies.
That said, +1 for the release if someone wants to volunteer. Jean-Louis -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Wed, Feb 18, 2015 at 2:13 PM, Thibault TIGEON <[email protected]> wrote: > Hello everyone, > > The version 1.6.0.2 was built with Tomcat 7.0.53. > But There is a security alert on this version : > http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55 > Secunia alert is available here <http://secunia.com/advisories/62768/> . > > Do you think it would be possible to have a new version (1.6.0.3) solving > this problem? > > Regards, > > Thibault > > > > -- > View this message in context: > http://tomee-openejb.979440.n4.nabble.com/New-version-of-security-1-6-0-3-due-to-a-tomcat-CVE-CVE-2014-0227-tp4673783.html > Sent from the TomEE Dev mailing list archive at Nabble.com. >
