Le 18/07/2012 19:39, Benjamin Jaton a écrit : > Hello, > > The packages glassfish-* shipped in all the version of Debian are > version 2.1.1. > The glassfish v2 open souce code hasn't received any updates since > 2010, not even critical security updates. > ( https://svn.java.net/svn/glassfish~svn/trunk/v2/ > <https://svn.java.net/svn/glassfish%7Esvn/trunk/v2/> ) > Only the Oracle Enterprise version is still maintained. > Even if those are not the full server stack ( > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may > contains security flaws. > We just don't know, right? > > The v3 version is very stable and actively maintained. I would > consider shipping it instead of v2.
Thanks for the information. Do you think we should ask for a removal in Wheezy ? Are you volunteer to package the v3 ? ThanksS
