Congrats everyone! -Rex
2010/12/12 Shawn Jiang <[email protected]> > The Apache Geronimo project is pleased to announce the available of Apache > Geronimo v2.2.1 server. This release includes many new features, > improvements, and bug fixes. Please see the detail information in 2.2.1 > release notes[1] or 2.2.x Security Report[2]. > > A couple of highlights are: > > * Stateless Session Bean Failover support > * Web console navigation improvements . > * JMX over SSL improvements > * Added built-in user "monitor" who only has read-only access to monitoring > pages. > * Encrypt password strings in deployment plans > * Start Derby NetworkServerControl with credentials to prevent unauthorized > shutdowns > * Add db2 for iSeries tranql xa connector to server > * Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, ActiveMQ to 5.4.1, OpenJPA to > 1.2.2, Aixs2 to 1.5.2, txmanager to 2.2.1, CXF to 2.1.10, Myfaces to > 1.2.8, Derby to 10.5.3.0_1, WADI to 2.1.2 etc. > > > Fixed vulnerabilities are: > > * CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD > based XML attacks. > * CVE-2010-1622: Spring Framework execution of arbitrary code > * CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information > Disclosure Vulnerability > > > The individual jars and plugins have been available through maven > repository, and you can also download the source jar and assemblies in > download site[3]. > > A big THANK YOU to all that contributed to this release! Great work > everyone! > > [1] > http://svn.apache.org/repos/asf/geronimo/server/tags/geronimo-2.2.1/RELEASE_NOTES-2.2.1.txt > [2] > https://cwiki.apache.org/confluence/display/GMOxSITE/2.2.x+Security+Report > [3]http://www.apache.org/dist/geronimo/2.2.1/ > > -- > Shawn > > -- Lei Wang (Rex) rwonly AT apache.org
