After updating OpenSSL I simply restarted Tomcat to eliminate the
vulnerability. (Checked http://filippo.io/Heartbleed before and after)
I built APR and Tomcat Native from source on the server, so I assume
it's doing dynamic library loading.
Is the binary build staticly linked? Otherwise, I'm not sure it's
necessary to redo the builds.
On 04/08/2014 03:30 PM, Jeffrey Janner wrote:
-----Original Message-----
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
Sent: Tuesday, April 08, 2014 5:14 PM
To: 'Tomcat Users List'
Subject: RE: Does the HeartBleed vulnerability affect Apache Tomcat
servers using Tomcat Native?
Ognjen,
Has anyone entered a bugzilla request for this one?
Jeff
Answering myself:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56363
Might I suggest folks please go vote this one up big time!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
