The Tomcat version must be updated to address these concerns. That should do it
On Mon, 19 Jul 2021, 13:03 Vincent Neyt, <vincent.n...@gmail.com> wrote: > Hi Cocoon users, > > I'd like to ask your opinion on the long-term security risks of running > Cocoon on a server. The colleague responsible for the servers at my > university is inquiring if the software I'm using for my website is up to > date and is concerned that I'm using outdated software that could in the > future pose a security risk. > > I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13 without > many problems. But I'm concerned about the long-term, and wondering if it > would perhaps be better to reprogram the website I've been working on for > 10 years into eXist DB (which would be a huge time investment). I like > cocoon very much and would love to continue using it if it's possible. > > I'm curious to hear your thoughts about using Cocoon 2.1 for the long > term: will it still work well inside future versions of servlet containers > like Tomcat? What about the java dependencies? And will cocoon 2.1 continue > to put out updates when security risks are identified? > > thanks very much, > Vincent >
