cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leszek Gawron <o...@wlkp.org>
Subject Re: using cocoon 2.1 in the long-term, security concerns
Date Fri, 30 Jul 2021 08:33:25 GMT
On Mon, Jul 19, 2021 at 2:27 PM C├ędric Damioli <cdamioli@apache.org> wrote:

> Hi,
>
> Not only Tomcat, but each and every dependency your particular project
> uses.
> As of today, Cocoon 2.1 works well in a Java 11+/Tomcat 9+ environment,
> with all dependencies upgraded.
>
> Cocoon 2.1.13 itself contained a fix for a security-related issue, but in
> the past years, there wasn't many security issues targeting Cocoon core.
>
>
cocoon 2.2 does NOT work with spring 4+ - the fixes are trivial though
(some deprecated API usages have to be corrected)
Jetty 9 needs to have web fragments configuration disabled or it doesn't
start cocoon webapp at all

I've made some forked changes for my organization and ... lost the sources.
Fixing it again should be no problem if someone here would go for a
release.

Java 11 is no problem - the only thing I remember is some simple
commons-beanutils usage querying Java version - the forced maven dependency
fixed the issue.

Mime
View raw message