The Apache Geronimo project is pleased to announce the available of Apache Geronimo v2.2.1 server. This release includes many new features, improvements, and bug fixes. Please see the detail information in 2.2.1 release notes[1] or 2.2.x Security Report[2].
A couple of highlights are: * Stateless Session Bean Failover support * Web console navigation improvements . * JMX over SSL improvements * Added built-in user "monitor" who only has read-only access to monitoring pages. * Encrypt password strings in deployment plans * Start Derby NetworkServerControl with credentials to prevent unauthorized shutdowns * Add db2 for iSeries tranql xa connector to server * Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, ActiveMQ to 5.4.1, OpenJPA to 1.2.2, Aixs2 to 1.5.2, txmanager to 2.2.1, CXF to 2.1.10, Myfaces to 1.2.8, Derby to 10.5.3.0_1, WADI to 2.1.2 etc. Fixed vulnerabilities are: * CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks. * CVE-2010-1622: Spring Framework execution of arbitrary code * CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability The individual jars and plugins have been available through maven repository, and you can also download the source jar and assemblies in download site[3]. A big THANK YOU to all that contributed to this release! Great work everyone! [1] http://svn.apache.org/repos/asf/geronimo/server/tags/geronimo-2.2.1/RELEASE_NOTES-2.2.1.txt [2] https://cwiki.apache.org/confluence/display/GMOxSITE/2.2.x+Security+Report [3]http://www.apache.org/dist/geronimo/2.2.1/ -- Shawn
