-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Arlo,
On 4/8/14, 5:36 PM, Arlo White wrote: > After updating OpenSSL I simply restarted Tomcat to eliminate the > vulnerability. - -1 You must re-key your server, and get a new cert from your CA. You have stopped the bleeding but your key should still be considered compromised. > (Checked http://filippo.io/Heartbleed before and after) I built APR > and Tomcat Native from source on the server, so I assume it's doing > dynamic library loading. > > Is the binary build staticly linked? Otherwise, I'm not sure it's > necessary to redo the builds. The ASF only provides binaries for win32, and yes, they are statically-linked. Users without the expertise to build their own tcnative binary will have to wait for the tcnative team to roll a new release. - -chris > On 04/08/2014 03:30 PM, Jeffrey Janner wrote: >>> -----Original Message----- From: Jeffrey Janner >>> [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 08, >>> 2014 5:14 PM To: 'Tomcat Users List' Subject: RE: Does the >>> HeartBleed vulnerability affect Apache Tomcat servers using >>> Tomcat Native? >>> >>> Ognjen, Has anyone entered a bugzilla request for this one? >>> Jeff >>> >> Answering myself: >> https://issues.apache.org/bugzilla/show_bug.cgi?id=56363 Might I >> suggest folks please go vote this one up big time! >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTRNmkAAoJEBzwKT+lPKRYvAIQAL3KZI8JhuzFNCYA9DNLK7Fy Su6+c3NtIXcHd6vqIiQxsEDLd6s/hRs8lTZuIEqNGY+1OjjoYTTRr/aJDQeX+hQn 7cL8NcG+N5G+6br0IORfjorTgzoONI+RHN90RNhNWMtHfPrzw6AHxN187iLhYCxT uj0TanotVsoVHLqyFLFRHw9E55sec2w+foXEbcKAZeLNqsbfGSKKHlc2LzOi0XNX OkQ5cEvJO93uPgJoMhbBCQIvvEXYpOwNgqBfami8/vVlc1WEN9kxYhF/kTxRVgUn D0P9Ur5JquUglwk72qXDCuaqSzGBgR8VhCEqVgwY0gT+cIamkxntg0smVnhxCZVp XJnZz5m51+LmnfHdzasVPegVe1br7RLMWFrnI9CvQ44rJ7wDdbNL7zyWKrEdUAQj fEyacnXSk+VsO4ohtGk6a0RvXSWTOQd26xGtEHp9w/xgSFxKr3K2q9V/jy27vnfb /qLDVVnVBPJIYr5srref26sP4OqHAd/d8F/0pPEKGjUY3oAYvMpHiFXr0hxj9iob gTCNFOli+PTW+htQg5iVnVA2+fwnB7D/NLcY1LuIe9JTfDVQxCq56T78GaXbWrel lA4gYiZHR9xw1lZWy+JClUkmxgQtjzaJH7HocFGfXkwfU9Lmqybqhw3HAygDs27i BYiCM83vAmo5L81x0YZa =fHHn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
