You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mladen Turk <mt...@apache.org> on 2014/04/08 09:56:30 UTC
Tagging JK 1.2.40
Hi,
I plan to tag JK 1.2.40 pretty soon (probably end of this week)
We have few bugs in the latest release which requires a new version.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Tagging JK 1.2.40
Posted by Mladen Turk <mt...@apache.org>.
On 04/09/2014 07:38 PM, Rainer Jung wrote:
> On 08.04.2014 09:56, Mladen Turk wrote:
>> Hi,
>>
>> I plan to tag JK 1.2.40 pretty soon (probably end of this week)
>> We have few bugs in the latest release which requires a new version.
>
> I'm all for it, to many bugs which might affect many users.
> Just now fixed another one (chunked requests broken).
>
> If we keep only fixing real errors and let the rest of the code as-is,
> we'll likely get a more stable release (means: let's not do bigger
> refactorings or features this time).
>
+1. I'll tag on Friday and push for a release.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Tagging JK 1.2.40
Posted by Rainer Jung <ra...@kippdata.de>.
On 08.04.2014 09:56, Mladen Turk wrote:
> Hi,
>
> I plan to tag JK 1.2.40 pretty soon (probably end of this week)
> We have few bugs in the latest release which requires a new version.
I'm all for it, to many bugs which might affect many users.
Just now fixed another one (chunked requests broken).
If we keep only fixing real errors and let the rest of the code as-is,
we'll likely get a more stable release (means: let's not do bigger
refactorings or features this time).
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Tagging JK 1.2.40
Posted by Tim Whittington <ti...@apache.org>.
On 8/04/2014, at 11:56 pm, Konstantin Kolinko <kn...@gmail.com> wrote:
> 2014-04-08 11:56 GMT+04:00 Mladen Turk <mt...@apache.org>:
>> Hi,
>>
>> I plan to tag JK 1.2.40 pretty soon (probably end of this week)
>> We have few bugs in the latest release which requires a new version.
>
> +1
>
> There is also a need for a tc-native build, due to security issue in OpenSSL
> https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
>
On that subject, does anyone have a HOWTO to get a tcnative build working?
I’ve tried with and RHEL 6 and CentOS 6 (cmake is missing /usr/share/cmake/Modules/ExternalProject.cmake) and OS X Mavericks (downloaded apr is trying to include apr_private.h, which is missing).
(I was actually looking at the ECDHE support - Mladen looks like he’s across Heartbleed).
> I cannot test this now, but from reading the FAQ at
> http://heartbleed.com/ there are good chances that the current build
> of TC-Native (and included with windows versions of TC8, TC7 etc) is
> vulnerable.
I think it’s fairly probable given the static linking we do.
cheers
tim
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Tagging JK 1.2.40
Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-04-08 11:56 GMT+04:00 Mladen Turk <mt...@apache.org>:
> Hi,
>
> I plan to tag JK 1.2.40 pretty soon (probably end of this week)
> We have few bugs in the latest release which requires a new version.
+1
There is also a need for a tc-native build, due to security issue in OpenSSL
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
I cannot test this now, but from reading the FAQ at
http://heartbleed.com/ there are good chances that the current build
of TC-Native (and included with windows versions of TC8, TC7 etc) is
vulnerable.
There should be no need for this TLS extension protocol, but
apparently it is enabled by default.
A test tool:
https://github.com/FiloSottile/Heartbleed
A discussion of this security issue:
http://security.stackexchange.com/questions/55076/what-should-one-do-about-the-heartbleed-openssl-exploit
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org