Hi Cocoon users,

I'd like to ask your opinion on the long-term security risks of running
Cocoon on a server. The colleague responsible for the servers at my
university is inquiring if the software I'm using for my website is up to
date and is concerned that I'm using outdated software that could in the
future pose a security risk.

I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13 without
many problems. But I'm concerned about the long-term, and wondering if it
would perhaps be better to reprogram the website I've been working on for
10 years into eXist DB (which would be a huge time investment). I like
cocoon very much and would love to continue using it if it's possible.

I'm curious to hear your thoughts about using Cocoon 2.1 for the long term:
will it still work well inside future versions of servlet containers like
Tomcat? What about the java dependencies? And will cocoon 2.1 continue to
put out updates when security risks are identified?

thanks very much,

Reply via email to