Hi Cocoon users, I'd like to ask your opinion on the long-term security risks of running Cocoon on a server. The colleague responsible for the servers at my university is inquiring if the software I'm using for my website is up to date and is concerned that I'm using outdated software that could in the future pose a security risk.
I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13 without many problems. But I'm concerned about the long-term, and wondering if it would perhaps be better to reprogram the website I've been working on for 10 years into eXist DB (which would be a huge time investment). I like cocoon very much and would love to continue using it if it's possible. I'm curious to hear your thoughts about using Cocoon 2.1 for the long term: will it still work well inside future versions of servlet containers like Tomcat? What about the java dependencies? And will cocoon 2.1 continue to put out updates when security risks are identified? thanks very much, Vincent