tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: Frequency of Tomcat version updates in TomEE ?
Date Mon, 16 Jul 2012 21:10:11 GMT
i spoke about the snapshot which uses t7.0.29

- Romain


2012/7/16 Alex The Rocker <alex.m3tal@gmail.com>

> Well, the "Download" tab (http://openejb.apache.org/downloads.html) show a
> list of fixes for TomEE / TomEE+ 1.0 which show that Tomcat version is
> 2.0.27 (we understand that were was a typo and 7.0.27).
> Where is it mentionned that Tomcat 7.0.29 is part of 1.0, if it is ?
>
> Alex
>
> On Mon, Jul 16, 2012 at 9:51 PM, Romain Manni-Bucau
> <rmannibucau@gmail.com>wrote:
>
> > Hi,
> >
> > we have no official position regarding it from what i know but here two
> > points:
> > 1) if you look last update of tomcat or security update (i think of cxf)
> it
> > took < 2 days for the snapshot (we are already on tomcat 7.0.29)
> > 2) regarding releases we are working on the 1.1.0 and then we'll refactor
> > our trunk to ease releases so it should be more frequent
> > 3) a lot of companies use TomEE and are concerned by security updates
> > (including committer companies) so updates will be done
> >
> > - Romain
> >
> >
> > 2012/7/16 Alex The Rocker <alex.m3tal@gmail.com>
> >
> > > Hello,
> > >
> > > We are considering Apache TomEE+, but we are concerned by the lack of
> > clear
> > > update policy of Tomcat version in TomEE & TomEE+.
> > > Today (16th of July 2012):
> > > -  Apache TomEE(+) 1.0 is available with embedded Apache Tomcat 7.0.27
> > >  - Apache Tomcat 7.0.29 is available since 8th of July.
> > >
> > > Although there is no know security vulnerabilities in Tomcat 7.0.27, it
> > > would be nice to have a clear statement on Apache TomEE/TomEE+ update
> > > policy with regard to the components it embeds (and not only Apache
> > Tomcat)
> > > ; so that users could decide whether or not they want to bed on this
> > "new"
> > > J2EE application server (yeah, we know it's J2EE with web profile).
> > >
> > > A commitment to update TomEE & TomEE+ when an Apache Tomcat fix of
> > security
> > > vulnerabilities within very short time (<2 weeks) would clearly be
> nice,
> > if
> > > possible.
> > >
> > > Regards,
> > > Alex
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message