Hi
OpenJ9 is not affected I think, so version wouldn't be enough; JVM name
should be tested too.
On Sat, 30 Apr 2022 at 00:18, Mark Thomas wrote:
> On 29/04/2022 19:41, Christopher Schultz wrote:
>
> > 1. The underlying JVM is affected
> > 2. A Connector is defined which uses mutual TLS
>
On 29/04/2022 19:41, Christopher Schultz wrote:
1. The underlying JVM is affected
2. A Connector is defined which uses mutual TLS
3. The client's key is ECDSA
I was thinking that on startup, we could check for a vulnerable
environment and simply refuse to start the server.
If there are n
Mark,
On 4/29/22 06:03, Mark Thomas wrote:
Hi all,
There are a couple of things I think we need to take into account for
the May releases.
1. OpenSSL. A security release is due 2022-05-03. I am assuming we'll
need to pick that up for Tomcat Native. I am therefore planning for a
Tomcat Nati
https://bz.apache.org/bugzilla/show_bug.cgi?id=66035
--- Comment #5 from Christopher Schultz ---
(In reply to Remy Maucherat from comment #3)
> JF seems to think simply return NULL; is enough (I agree this is not an
> error).
Aha, so simply return NULL instead of throwing an exception?
> Also t
Personally I like this approach. I would suggest putting a descriptive error
description in the logs if this is detected and startup is aborted. From an
environment where curtailing vulnerabilities is key, regardless of the source,
this is truly a Martha Stewart moment. It's a good thing. :-)
Th
All,
Please remember that the ApacheCon North American conference is still
accepting presentations until 23 May 2022.
The Tomcat track currently has *zero* proposals, and we were hoping to
fill a 3-day track.
So please, send in your ideas for presentations!
Thanks,
-chris
On 4/7/22 10:26,
All,
CVE-2022-21449 is a bug in the JDK which allows a malicious signer using
ECDSA to forge a signature which an affected (buggy) verifier fails to
detect.
I used deliberate language above instead of "client" and "server"
because in many cases, the server is performing verification as well
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 68c42b803b Language improvements
68c42b803b is desc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 7144b24217 Language improvements
7144b24217 is desc
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 8a9f3f08d2 Language improvements
8a9f3f08d2 is de
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 75049f0c75 Language improvements
75049f0c75 is descri
https://bz.apache.org/bugzilla/show_bug.cgi?id=66023
--- Comment #7 from Mark Thomas ---
I've committed a fix for 10.1.x. I'll give folks a chance to review it before I
think about back-porting it.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 28ee966d97 Fix BZ 66023 - improve handling of HTTP up
Hi all,
There are a couple of things I think we need to take into account for
the May releases.
1. OpenSSL. A security release is due 2022-05-03. I am assuming we'll
need to pick that up for Tomcat Native. I am therefore planning for a
Tomcat Native release shortly after the OpenSSL release