cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gelo1234 <gelo1...@gmail.com>
Subject Re: using cocoon 2.1 in the long-term, security concerns
Date Mon, 19 Jul 2021 13:17:54 GMT
Hello Vincent,

It depends on your future Strategy. Cocoon is very flexible. We've been
running Cocoon 3.0-beta in production with Tomcat9/10, Quarkus and even
Kubernetes 1.20 etc. No problems at all :)
with Java 8 :) We cannot switch to Java 11, because it's not compatible
with Cocoon libraries anymore :( That's the only obstacle.
Maybe someone could "update" cocoon stack to use Java 11 LTS JVM? Or now 17
LTS? :)

As long as it does its job, Cocoon is fine! Although the amount of
pipelines that are still in use in our Cocoon deployments decreased in
time.
We switched to Vue.js framework as frontend and Spring-Boot 2 as backend
technologies, all running on Kubernetes multi-clusters.
Both Vue and Spring-Boot 2 are very lightweight and suit our needs better
(to build Web-Portals) than Cocoon. Even though we still use Cocoon for
some integration stuff and fast
proxy/gateway to many "old" services or database access.

Greetings,
Greg


pon., 19 lip 2021 o 14:03 Vincent Neyt <vincent.neyt@gmail.com> napisaƂ(a):

> Hi Cocoon users,
>
> I'd like to ask your opinion on the long-term security risks of running
> Cocoon on a server. The colleague responsible for the servers at my
> university is inquiring if the software I'm using for my website is up to
> date and is concerned that I'm using outdated software that could in the
> future pose a security risk.
>
> I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13 without
> many problems. But I'm concerned about the long-term, and wondering if it
> would perhaps be better to reprogram the website I've been working on for
> 10 years into eXist DB (which would be a huge time investment). I like
> cocoon very much and would love to continue using it if it's possible.
>
> I'm curious to hear your thoughts about using Cocoon 2.1 for the long
> term: will it still work well inside future versions of servlet containers
> like Tomcat? What about the java dependencies? And will cocoon 2.1 continue
> to put out updates when security risks are identified?
>
> thanks very much,
> Vincent
>

Mime
View raw message