cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From warrell harries <warrell.harr...@gmail.com>
Subject Re: using cocoon 2.1 in the long-term, security concerns
Date Mon, 19 Jul 2021 12:05:48 GMT
The Tomcat version must be updated to address these concerns.

That should do it

On Mon, 19 Jul 2021, 13:03 Vincent Neyt, <vincent.neyt@gmail.com> wrote:

> Hi Cocoon users,
>
> I'd like to ask your opinion on the long-term security risks of running
> Cocoon on a server. The colleague responsible for the servers at my
> university is inquiring if the software I'm using for my website is up to
> date and is concerned that I'm using outdated software that could in the
> future pose a security risk.
>
> I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13 without
> many problems. But I'm concerned about the long-term, and wondering if it
> would perhaps be better to reprogram the website I've been working on for
> 10 years into eXist DB (which would be a huge time investment). I like
> cocoon very much and would love to continue using it if it's possible.
>
> I'm curious to hear your thoughts about using Cocoon 2.1 for the long
> term: will it still work well inside future versions of servlet containers
> like Tomcat? What about the java dependencies? And will cocoon 2.1 continue
> to put out updates when security risks are identified?
>
> thanks very much,
> Vincent
>

Mime
View raw message