Hi all,
I've just seen the heads up from the OpenSSL project that there will be
a 3.0.7 release on 2022-12-01 that will address a critical
vulnerability. We won't know the details of the vulnerability until the
release announcement. Given that it may trigger a Tomcat Native release
my current
On Tue, Oct 25, 2022 at 5:52 PM Mark Thomas wrote:
>
> Hi all,
>
> I've just seen the heads up from the OpenSSL project that there will be
> a 3.0.7 release on 2022-12-01 that will address a critical
> vulnerability. We won't know the details of the vulnerability until the
> release announcement.
> 2022年10月25日 23:51,Mark Thomas 写道:
>
> Hi all,
>
> I've just seen the heads up from the OpenSSL project that there will be a
> 3.0.7 release on 2022-12-01 that will address a critical vulnerability. We
> won't know the details of the vulnerability until the release announcement.
> Given t
I've just read the OpenSSL announcement. The issue has been downgraded
to critical but we are going to need to new Tomcat Native release. There
are a couple of stack overflow bugs in certificate verification so
Tomcat could be accepted via CLIENT-CERT.
Where are we on the migration tool. I hav
> 2022年11月2日 00:19,Mark Thomas 写道:
>
> I've just read the OpenSSL announcement. The issue has been downgraded to
> critical but we are going to need to new Tomcat Native release. There are a
> couple of stack overflow bugs in certificate verification so Tomcat could be
> accepted via CLIENT
On Wed, Nov 2, 2022 at 2:40 AM Han Li wrote:
>
>
>
> > 2022年11月2日 00:19,Mark Thomas 写道:
> >
> > I've just read the OpenSSL announcement. The issue has been downgraded to
> > critical but we are going to need to new Tomcat Native release. There are a
> > couple of stack overflow bugs in certific
Mark,
On 11/1/22 12:19, Mark Thomas wrote:
I've just read the OpenSSL announcement. The issue has been downgraded
to critical but we are going to need to new Tomcat Native release. There
are a couple of stack overflow bugs in certificate verification so
Tomcat could be accepted via CLIENT-CERT
On 02/11/2022 18:36, Christopher Schultz wrote:
Mark,
On 11/1/22 12:19, Mark Thomas wrote:
I've just read the OpenSSL announcement. The issue has been downgraded
to critical but we are going to need to new Tomcat Native release.
There are a couple of stack overflow bugs in certificate verifica
