Hi François, générally in CVE databases you can listen for the tomee stack which makes only needed and useful (as "avoids a ton of noise") the directly tomee related issues on tomee website. Was mainly thought this way I think.
Romain Manni-Bucau @rmannibucau <https://twitter.com/rmannibucau> | Blog <https://blog-rmannibucau.rhcloud.com> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory <https://javaeefactory-rmannibucau.rhcloud.com> 2017-05-31 19:51 GMT+02:00 COURTAULT Francois < [email protected]>: > Hello everyone, > > It is quite hard to find information about all the TomEE CVEs. > If we go to http://tomee.apache.org/security/index.html it is stated to > look at the sub projects listed below: > > * Tomcat > > * Open JPA > > * CXF > > * OpenWebBeans > > * MyFaces > > * Bean Validation > > According to me it should be a good thing to centralized this information > at TomEE web site in order to avoid to navigate to all the TomEE sub > project sites to find > this information even if sometimes we can't find it (for example for > OpenWebBeans). > > What do you think ? > > Best Regards. > ________________________________ > This message and any attachments are intended solely for the addressees > and may contain confidential information. Any unauthorized use or > disclosure, either whole or partial, is prohibited. > E-mails are susceptible to alteration. Our company shall not be liable for > the message if altered, changed or falsified. If you are not the intended > recipient of this message, please delete it and notify the sender. > Although all reasonable efforts have been made to keep this transmission > free from viruses, the sender will not be liable for damages caused by a > transmitted virus. >
