Hello Romain,

My point is that, as vulnerabilities are critical in the IT world today, it would be really useful to have a dedicated page on the TomEE web site that lists/collects the CVEs for each third-party version included.
It will help our day-to-day work a lot, in that we will no longer have to look in different locations to find this kind of information.

When you say CVE databases: which one do you recommend to monitor the TomEE CVEs?

Best Regards.

-----Original Message-----
From: Romain Manni-Bucau [mailto:[email protected]]
Sent: Wednesday, 31 May 2017 19:53
To: [email protected]
Subject: Re: Info about TomEE vulnerabilities

Hi François,

Generally, in CVE databases you can listen for the TomEE stack, which makes only the directly TomEE-related issues needed and useful (as "avoids a ton of noise") on the TomEE website. It was mainly thought of this way, I think.

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog <https://blog-rmannibucau.rhcloud.com> | Old Blog <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | JavaEE Factory <https://javaeefactory-rmannibucau.rhcloud.com>

2017-05-31 19:51 GMT+02:00 COURTAULT Francois <[email protected]>:

> Hello everyone,
>
> It is quite hard to find information about all the TomEE CVEs.
> If we go to http://tomee.apache.org/security/index.html it is stated
> to look at the sub projects listed below:
>
> * Tomcat
> * Open JPA
> * CXF
> * OpenWebBeans
> * MyFaces
> * Bean Validation
>
> According to me it should be a good thing to centralize this
> information at the TomEE web site in order to avoid navigating to all the
> TomEE sub project sites to find this information, even if sometimes we
> can't find it (for example for OpenWebBeans).
>
> What do you think?
>
> Best Regards.
