tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex The Rocker <alex.m3...@gmail.com>
Subject Re: Frequency of Tomcat version updates in TomEE ?
Date Mon, 16 Jul 2012 21:06:19 GMT
Well, the "Download" tab (http://openejb.apache.org/downloads.html) show a
list of fixes for TomEE / TomEE+ 1.0 which show that Tomcat version is
2.0.27 (we understand that were was a typo and 7.0.27).
Where is it mentionned that Tomcat 7.0.29 is part of 1.0, if it is ?

Alex

On Mon, Jul 16, 2012 at 9:51 PM, Romain Manni-Bucau
<rmannibucau@gmail.com>wrote:

> Hi,
>
> we have no official position regarding it from what i know but here two
> points:
> 1) if you look last update of tomcat or security update (i think of cxf) it
> took < 2 days for the snapshot (we are already on tomcat 7.0.29)
> 2) regarding releases we are working on the 1.1.0 and then we'll refactor
> our trunk to ease releases so it should be more frequent
> 3) a lot of companies use TomEE and are concerned by security updates
> (including committer companies) so updates will be done
>
> - Romain
>
>
> 2012/7/16 Alex The Rocker <alex.m3tal@gmail.com>
>
> > Hello,
> >
> > We are considering Apache TomEE+, but we are concerned by the lack of
> clear
> > update policy of Tomcat version in TomEE & TomEE+.
> > Today (16th of July 2012):
> > -  Apache TomEE(+) 1.0 is available with embedded Apache Tomcat 7.0.27
> >  - Apache Tomcat 7.0.29 is available since 8th of July.
> >
> > Although there is no know security vulnerabilities in Tomcat 7.0.27, it
> > would be nice to have a clear statement on Apache TomEE/TomEE+ update
> > policy with regard to the components it embeds (and not only Apache
> Tomcat)
> > ; so that users could decide whether or not they want to bed on this
> "new"
> > J2EE application server (yeah, we know it's J2EE with web profile).
> >
> > A commitment to update TomEE & TomEE+ when an Apache Tomcat fix of
> security
> > vulnerabilities within very short time (<2 weeks) would clearly be nice,
> if
> > possible.
> >
> > Regards,
> > Alex
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message