netty-tcnative: new releases made for security fixes in statically-linked BoringSSL/OpenSSL/LibreSSL?

[mohamed....@gmail.com]

Hi, just wanted to double check that netty-tcnative makes a new release after any security issues are are fixed for the statically linked SSL library. If there is just a fix in OpenSSL for example but not the other two, is a new release made anyway?

[Norman Maurer]

As we only push static linked jars against boringssl during the release process (we not release one for libressl / openssl) we only are worried about boringssl here.

And yes we are doing a new release once there is a security vuln discovered. Google engineers are also part of the Netty team :)

Bye,

Norman

On 27 Jun 2016, at 05:08, mohamed....@gmail.com wrote:

Hi, just wanted to double check that netty-tcnative makes a new release after any security issues are are fixed for the statically linked SSL library. If there is just a fix in OpenSSL for example but not the other two, is a new release made anyway?

--
You received this message because you are subscribed to the Google Groups "Netty discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netty+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/netty/40b4d98f-4e73-4a69-9814-ca49a7b94ef4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[mohamed....@gmail.com]

Perfect, thanks so much Norman!:)