tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex The Rocker <>
Subject Frequency of Tomcat version updates in TomEE ?
Date Mon, 16 Jul 2012 19:31:43 GMT

We are considering Apache TomEE+, but we are concerned by the lack of clear
update policy of Tomcat version in TomEE & TomEE+.
Today (16th of July 2012):
-  Apache TomEE(+) 1.0 is available with embedded Apache Tomcat 7.0.27
 - Apache Tomcat 7.0.29 is available since 8th of July.

Although there is no know security vulnerabilities in Tomcat 7.0.27, it
would be nice to have a clear statement on Apache TomEE/TomEE+ update
policy with regard to the components it embeds (and not only Apache Tomcat)
; so that users could decide whether or not they want to bed on this "new"
J2EE application server (yeah, we know it's J2EE with web profile).

A commitment to update TomEE & TomEE+ when an Apache Tomcat fix of security
vulnerabilities within very short time (<2 weeks) would clearly be nice, if


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message