cocoon-users mailing list archives

From Cédric Damioli
Subject Re: using cocoon 2.1 in the long-term, security concerns
Date Mon, 19 Jul 2021 12:27:14 GMT

Not only Tomcat, but each and every dependency your particular project uses.
As of today, Cocoon 2.1 works well in a Java 11+/Tomcat 9+ environment, 
with all dependencies upgraded.

Cocoon 2.1.13 itself contained a fix for a security-related issue, but 
in the past years, there weren't many security issues targeting Cocoon core.


On 19/07/2021 at 14:05, warrell harries wrote:
> The Tomcat version must be updated to address these concerns.
> That should do it
> On Mon, 19 Jul 2021, 13:03 Vincent Neyt wrote:
>     Hi Cocoon users,
>     I'd like to ask your opinion on the long-term security risks of
>     running Cocoon on a server. The colleague responsible for the
>     servers at my university is inquiring if the software I'm using
>     for my website is up to date and is concerned that I'm using
>     outdated software that could in the future pose a security risk.
>     I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13
>     without many problems. But I'm concerned about the long-term, and
>     wondering if it would perhaps be better to reprogram the website
>     I've been working on for 10 years into eXist DB (which would be a
>     huge time investment). I like cocoon very much and would love to
>     continue using it if it's possible.
>     I'm curious to hear your thoughts about using Cocoon 2.1 for the
>     long term: will it still work well inside future versions of
>     servlet containers like Tomcat? What about the java dependencies?
>     And will cocoon 2.1 continue to put out updates when security
>     risks are identified?
>     thanks very much,
>     Vincent

Cédric Damioli
CMS - Java - Open Source
