Philip wrote: > Hello, all! Is there any place I should look for an indication of when the > next release of Webstack will be available and what software versions it will > provide? Also, how often is the Webstack patched, simply regarding security > version updates in existing compenents? > > I'm asking because the federal customer I support gets dinged if known > vulnerabilities are not resolved quickly enough... >
It differs slightly by platform. For OpenSolaris: Web Stack is integrated with the OS (built with other open source components, delivered from the OS package repository), so its release is necessarily at the same time as the OS. OpenSolaris 2010.02 (roughly February 2010) is well-established as the expected name+rough date of the next OpenSolaris release. (But of course it could change.) I don't know of any concise public list of the expected versions of the web-related open source components that will be in that next OpenSolaris release. That being said, such upgrades are discussed on this mailing list in advance, and you can follow the source code with a web view of the source repository as it is updated (most are in this tree: http://src.opensolaris.org/source/xref/sfw/usr/src/cmd/) , so it isn't a secret. Furthermore, you have access to the development builds of the next OpenSolaris release, containing some of the planned component upgrades and other security fixes for 2010.02. Build 123 has been available in the development repo for a while. A few of the components already updated for the next release: httpd -> 2.2.13 (b124, not avail publicly yet) APR -> 1.3.8 (b122) APR-Util -> 1.3.9 (b122) Tomcat -> 6.0.20 (b118) GlassFish Portfolio (http://www.sun.com/software/products/glassfish_portfolio/) provides a support offering for Web Stack users with very specific business requirements regarding the resolution of vulnerabilities or other critical fixes. Without the support offering, such fixes are available either in development builds (e.g., the build 123 of future 2010.02 that you can get today), or when the next release is delivered.
