We're planning on doing an offiicial 1.0 release of both trapperkeeper[1] and trapperkeeper-webserver-jetty9[2] in the not-too-distant future, and in that announcement e-mail we can highlight some of the new features that have been added over the last few months. However, due to the recent "poodle" security vulnerability announcement, we wanted to go ahead and send out a heads-up that we've done a v0.9.0 release of trapperkeeper-webserver-jetty9. This release addresses the security vulnerability in the SSLv3 protocol by configuring Jetty to only accept TLSv1, TLSv1.1, or TLSv1.2 connections by default.
Note that in older versions of trapperkeeper-webserver-jetty9, you can specify your preferred list of SSL protocols via the `ssl-protocols` setting[3], but if you upgrade to v0.9.0 then it'll be taken care of by default. A more comprehensive 1.0 announcement will be coming in the next month or two. [1] https://github.com/puppetlabs/trapperkeeper [2] https://github.com/puppetlabs/trapperkeeper-webserver-jetty9 [3] https://github.com/puppetlabs/trapperkeeper-webserver-jetty9/blob/master/doc/jetty-config.md#ssl-protocols -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
