BTW, what about the jetty component?
I just found that it uses org.apache.taglibs.standard.glassfish-1.2.0.v201112081803.jar and all version under 1.2.3 are vulnerable
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0254
Jacques
Le 17/03/2015 14:06, Jacques Le Roux a écrit :
+1, I agree with Adrian, Jacopo and Michael comments
Jacques
Le 17/03/2015 12:31, Pierre Smits a écrit :
*Rationale:*
Back in the day (pre r11.x) we enabled users to have OFBiz working in
external web containers, like Apache Tomcat, IBM Websphere and Jetty.
However, focus of the community migrated away from that and improved the
use of the internally used servlet solution (also Apache Tomcat).
Since then the functionality of the component to have OFBiz work with these
external web containers stopped working and in recent years no contributor
felt the itch to correct/improve this situation.
I therefor propose:
- that we move the component from trunk to our attic, and
- we don't include it in future releases (including the upcoming r14.x
branch release r14.12.01)
For this proposal the normal 72 hour rule applies.
Best regards,
Pierre Smits
*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com
