On Tue, 2012-07-17 at 14:39 -0700, Benjamin Jaton wrote:
> Hello,
>
> The packages glassfish-* shipped in all the versions of Debian are
> version 2.1.1.
> The glassfish v2 open source code hasn't received any updates since
> 2010, not even critical security updates.
> ( https://svn.java.net/svn/glassfish~svn/trunk/v2/ )
> Only the Oracle Enterprise version is still maintained.
> Even if those are not the full server stack
> ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may
> contain severe security flaws.
> We just don't know, right?

Do you have specific pointers about those “severe security flaws” or is it just random guesses? The security tracker only tracks known security issues.

>
> The v3 version is very stable and actively maintained. I would
> consider shipping it instead of v2.

For Wheezy, that won't happen. For the next version, you're free to contact packagers.

> Regards,

--
Yves-Alexis