ote:
> On 22/08/2016 15:12, Matthias Reischenbacher wrote:
>> Hi,
>>
>> Tomcat 6.0.45 and Tomcat Native 1.1.34 seem to be affected by the
>> security issue CVE-2016-2107, see also:
>>
>> https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciph
seems to be available for Tomcat 8/9. But what about Tomcat6? Are
there plans to release a fixed version of the Tomcat Native libs, that
contain a newer version of OpenSSL? According to
https://www.openssl.org/news/vulnerabilities.html#2016-2107 this should
be 1.0.1t.
Thanks & Best regards,
Matt
