[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Packages glassfish-* security concerns



Hello,

The packages glassfish-* shipped in all the version of Debian are version 2.1.1.
The glassfish v2 open souce code hasn't received any updates since 2010, not even critical security updates.
( https://svn.java.net/svn/glassfish~svn/trunk/v2/ )
Only the Oracle Enterprise version is still maintained.
Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may contains severe security flaws.
We just don't know, right?

The v3 version is very stable and actively maintained. I would consider shipping it instead of v2.

Thanks,
Benjamin Jaton

Reply to: