Not only Tomcat, but each and every dependency your particular project uses.
As of today, Cocoon 2.1 works well in a Java 11+/Tomcat 9+ environment, with all dependencies upgraded.

Cocoon 2.1.13 itself contained a fix for a security-related issue, but in the past years, there wasn't many security issues targeting Cocoon core.


Le 19/07/2021 à 14:05, warrell harries a écrit :
The Tomcat version must be updated to address these concerns.

That should do it

On Mon, 19 Jul 2021, 13:03 Vincent Neyt, <vincent.n...@gmail.com <mailto:vincent.n...@gmail.com>> wrote:

    Hi Cocoon users,

    I'd like to ask your opinion on the long-term security risks of
    running Cocoon on a server. The colleague responsible for the
    servers at my university is inquiring if the software I'm using
    for my website is up to date and is concerned that I'm using
    outdated software that could in the future pose a security risk.

    I'm using cocoon 2.1.11, which I could probably upgrade to 2.1.13
    without many problems. But I'm concerned about the long-term, and
    wondering if it would perhaps be better to reprogram the website
    I've been working on for 10 years into eXist DB (which would be a
    huge time investment). I like cocoon very much and would love to
    continue using it if it's possible.

    I'm curious to hear your thoughts about using Cocoon 2.1 for the
    long term: will it still work well inside future versions of
    servlet containers like Tomcat? What about the java dependencies?
    And will cocoon 2.1 continue to put out updates when security
    risks are identified?

    thanks very much,

Cédric Damioli
CMS - Java - Open Source

Reply via email to