After updating OpenSSL I simply restarted Tomcat to eliminate the
vulnerability. (Checked http://filippo.io/Heartbleed before and after)
I built APR and Tomcat Native from source on the server, so I assume
it's doing dynamic library loading.
Is the binary build staticly linked? Otherwise, I'm n
Jeff
-Original Message-
From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com]
Sent: Tuesday, April 08, 2014 3:02 PM
To: Tomcat Users List
Subject: Re: Does the HeartBleed vulnerability affect Apache Tomcat
servers using Tomcat Native?
On 8.4.2014 18:48, Arlo White wrote:
Are Apache T
Are Apache Tomcat servers using Tomcat Native & APR vulnerable to the
HeartBleed OpenSSL bug, or does this layer insulate them?
http://heartbleed.com/
I've also posted this question here if you wish to provide an answer on
security.stackexchange:
http://security.stackexchange.com/questions/551
