On mar., 2012-07-17 at 14:39 -0700, Benjamin Jaton wrote:
> Hello,
>
> The packages glassfish-* shipped in all the version of Debian are
> version 2.1.1.
> The glassfish v2 open souce code hasn't received any updates since
> 2010, not even critical security updates.
> (
https://svn.java.net/svn/glassfish~svn/trunk/v2/ )
> Only the Oracle Enterprise version is still maintained.
> Even if those are not the full server stack
> (
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may
> contains severe security flaws.
> We just don't know, right?
Do you have specific pointers about those “severe security flaws” or is