Hi,
Not only Tomcat, but each and every dependency your particular project uses.
As of today, Cocoon 2.1 works well in a Java 11+/Tomcat 9+ environment,
with all dependencies upgraded.
Cocoon 2.1.13 itself contained a fix for a security-related issue, but
in the past years, there wasn't many security issues targeting Cocoon core.
HTH,
Regards,
Cédric
Le 19/07/2021 à 14:05, warrell harries a écrit :
The Tomcat version must be updated to address these concerns.
That should do it
On Mon, 19 Jul 2021, 13:03 Vincent Neyt, <vincent.n...@gmail.com
<mailto:vincent.n...@gmail.com>> wrote:
Hi Cocoon users,
I'd like to ask your opinion on the long-term security risks of
running Cocoon on a server. The colleague responsible for the
servers at my university is inquiring if the software I'm using
for my website is up to date and is concerned that I'm using
outdated software that could in the future pose a security risk.
I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13
without many problems. But I'm concerned about the long-term, and
wondering if it would perhaps be better to reprogram the website
I've been working on for 10 years into eXist DB (which would be a
huge time investment). I like cocoon very much and would love to
continue using it if it's possible.
I'm curious to hear your thoughts about using Cocoon 2.1 for the
long term: will it still work well inside future versions of
servlet containers like Tomcat? What about the java dependencies?
And will cocoon 2.1 continue to put out updates when security
risks are identified?
thanks very much,
Vincent
--
Cédric Damioli
CMS - Java - Open Source
www.ametys.org