cocoon-users mailing list archives

From Cédric Damioli <cdami...@apache.org>
Subject Re: using cocoon 2.1 in the long-term, security concerns
Date Mon, 19 Jul 2021 12:27:14 GMT
Hi,

Not only Tomcat, but each and every dependency your particular project uses.
As of today, Cocoon 2.1 works well in a Java 11+/Tomcat 9+ environment, 
with all dependencies upgraded.

Cocoon 2.1.13 itself contained a fix for a security-related issue, but 
in the past years, there weren't many security issues targeting Cocoon core.

HTH,
Regards,
Cédric

On 19/07/2021 at 14:05, warrell harries wrote:
> The Tomcat version must be updated to address these concerns.
>
> That should do it
>
> On Mon, 19 Jul 2021, 13:03 Vincent Neyt, <vincent.neyt@gmail.com> wrote:
>
>     Hi Cocoon users,
>
>     I'd like to ask your opinion on the long-term security risks of
>     running Cocoon on a server. The colleague responsible for the
>     servers at my university is inquiring if the software I'm using
>     for my website is up to date and is concerned that I'm using
>     outdated software that could in the future pose a security risk.
>
>     I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13
>     without many problems. But I'm concerned about the long-term, and
>     wondering if it would perhaps be better to reprogram the website
>     I've been working on for 10 years into eXist DB (which would be a
>     huge time investment). I like cocoon very much and would love to
>     continue using it if it's possible.
>
>     I'm curious to hear your thoughts about using Cocoon 2.1 for the
>     long term: will it still work well inside future versions of
>     servlet containers like Tomcat? What about the java dependencies?
>     And will cocoon 2.1 continue to put out updates when security
>     risks are identified?
>
>     thanks very much,
>     Vincent
>

-- 
Cédric Damioli
CMS - Java - Open Source
www.ametys.org

