i spoke about the snapshot which uses t7.0.29 - Romain
2012/7/16 Alex The Rocker <alex.m3...@gmail.com> > Well, the "Download" tab (http://openejb.apache.org/downloads.html) show a > list of fixes for TomEE / TomEE+ 1.0 which show that Tomcat version is > 2.0.27 (we understand that were was a typo and 7.0.27). > Where is it mentionned that Tomcat 7.0.29 is part of 1.0, if it is ? > > Alex > > On Mon, Jul 16, 2012 at 9:51 PM, Romain Manni-Bucau > <rmannibu...@gmail.com>wrote: > > > Hi, > > > > we have no official position regarding it from what i know but here two > > points: > > 1) if you look last update of tomcat or security update (i think of cxf) > it > > took < 2 days for the snapshot (we are already on tomcat 7.0.29) > > 2) regarding releases we are working on the 1.1.0 and then we'll refactor > > our trunk to ease releases so it should be more frequent > > 3) a lot of companies use TomEE and are concerned by security updates > > (including committer companies) so updates will be done > > > > - Romain > > > > > > 2012/7/16 Alex The Rocker <alex.m3...@gmail.com> > > > > > Hello, > > > > > > We are considering Apache TomEE+, but we are concerned by the lack of > > clear > > > update policy of Tomcat version in TomEE & TomEE+. > > > Today (16th of July 2012): > > > - Apache TomEE(+) 1.0 is available with embedded Apache Tomcat 7.0.27 > > > - Apache Tomcat 7.0.29 is available since 8th of July. > > > > > > Although there is no know security vulnerabilities in Tomcat 7.0.27, it > > > would be nice to have a clear statement on Apache TomEE/TomEE+ update > > > policy with regard to the components it embeds (and not only Apache > > Tomcat) > > > ; so that users could decide whether or not they want to bed on this > > "new" > > > J2EE application server (yeah, we know it's J2EE with web profile). > > > > > > A commitment to update TomEE & TomEE+ when an Apache Tomcat fix of > > security > > > vulnerabilities within very short time (<2 weeks) would clearly be > nice, > > if > > > possible. > > > > > > Regards, > > > Alex > > > > > >
