tomee-users mailing list archives

From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: Info about TomEE vulnerabilities
Date Fri, 02 Jun 2017 07:35:09 GMT
2017-06-02 9:32 GMT+02:00 COURTAULT Francois <Francois.Courtault@gemalto.com>:

> Hello Romain,
>
> My point is that, as vulnerabilities are critical in the IT world today, it
> should be really useful to have a dedicated page on the TomEE web site,
> in order, for each third-party version included, to list/collect their
> CVEs.
>
> It will help our day-to-day work a lot, in that we won't have to look
> at different locations anymore to find this kind of information.
>
> When you say CVE databases: which one do you recommend to monitor the
> TomEE CVEs?
>

Well, we used Secunia with JL (on this list as well), for instance, but there
are multiple good alternatives.


>
> Best Regards.
>
> -----Original Message-----
> From: Romain Manni-Bucau [mailto:rmannibucau@gmail.com]
> Sent: mercredi 31 mai 2017 19:53
> To: users@tomee.apache.org
> Subject: Re: Info about TomEE vulnerabilities
>
> Hi François,
>
> Generally, in CVE databases you can listen for the TomEE stack, which makes
> only the directly TomEE-related issues needed and useful (as in "avoids a
> ton of noise") on the TomEE website. It was mainly thought of this way, I think.
>
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> |  Blog <
> https://blog-rmannibucau.rhcloud.com> | Old Blog <
> http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau>
> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory <
> https://javaeefactory-rmannibucau.rhcloud.com>
>
> 2017-05-31 19:51 GMT+02:00 COURTAULT Francois <
> Francois.Courtault@gemalto.com>:
>
> > Hello everyone,
> >
> > It is quite hard to find information about all the TomEE CVEs.
> > If we go to http://tomee.apache.org/security/index.html it is stated
> > to look at the sub projects listed below:
> >
> > * Tomcat
> > * Open JPA
> > * CXF
> > * OpenWebBeans
> > * MyFaces
> > * Bean Validation
> >
> > In my opinion, it should be a good thing to centralize this
> > information on the TomEE web site in order to avoid navigating to all the
> > TomEE sub project sites to find this information, even if sometimes we
> > can't find it (for example for OpenWebBeans).
> >
> > What do you think?
> >
> > Best Regards.
> > ________________________________
> > This message and any attachments are intended solely for the
> > addressees and may contain confidential information. Any unauthorized
> > use or disclosure, either whole or partial, is prohibited.
> > E-mails are susceptible to alteration. Our company shall not be liable
> > for the message if altered, changed or falsified. If you are not the
> > intended recipient of this message, please delete it and notify the
> > sender.
> > Although all reasonable efforts have been made to keep this
> > transmission free from viruses, the sender will not be liable for
> > damages caused by a transmitted virus.
> >
