You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by Shawn Jiang <ge...@gmail.com> on 2010/12/11 17:32:56 UTC

[ANNOUNCE] Apache Geronimo 2.2.1 Release

The Apache Geronimo project is pleased to announce the available of Apache
Geronimo v2.2.1 server. This release includes many new features,
improvements, and bug fixes. Please see the detail information in 2.2.1
release notes[1] or 2.2.x Security Report[2].

A couple of highlights are:

* Stateless Session Bean Failover support
* Web console navigation improvements .
* JMX over SSL improvements
* Added built-in user "monitor" who only has read-only access to monitoring
pages.
* Encrypt password strings in deployment plans
* Start Derby NetworkServerControl with credentials to prevent unauthorized
shutdowns
* Add db2 for iSeries tranql xa connector to server
* Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, ActiveMQ to 5.4.1, OpenJPA to
1.2.2, Aixs2 to 1.5.2, txmanager to 2.2.1, CXF to 2.1.10, Myfaces to
1.2.8, Derby to 10.5.3.0_1, WADI to 2.1.2 etc.

Fixed vulnerabilities are:

* CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD
based XML attacks.
* CVE-2010-1622: Spring Framework execution of arbitrary code
* CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information
Disclosure Vulnerability

The individual jars and plugins have been available through maven
repository, and you can also download the source jar and assemblies in
download site[3].

A big THANK YOU to all that contributed to this release! Great work
everyone!

[1]
http://svn.apache.org/repos/asf/geronimo/server/tags/geronimo-2.2.1/RELEASE_NOTES-2.2.1.txt
[2]
https://cwiki.apache.org/confluence/display/GMOxSITE/2.2.x+Security+Report
[3]http://www.apache.org/dist/geronimo/2.2.1/

--
Shawn

Re: [ANNOUNCE] Apache Geronimo 2.2.1 Release

Posted by Ivan <xh...@gmail.com>.

Congrats !

2010/12/12 Shawn Jiang <ge...@gmail.com>

> The Apache Geronimo project is pleased to announce the available of Apache
> Geronimo v2.2.1 server. This release includes many new features,
> improvements, and bug fixes. Please see the detail information in 2.2.1
> release notes[1] or 2.2.x Security Report[2].
>
> A couple of highlights are:
>
> * Stateless Session Bean Failover support
> * Web console navigation improvements .
> * JMX over SSL improvements
> * Added built-in user "monitor" who only has read-only access to monitoring
> pages.
> * Encrypt password strings in deployment plans
> * Start Derby NetworkServerControl with credentials to prevent unauthorized
> shutdowns
> * Add db2 for iSeries tranql xa connector to server
> * Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, ActiveMQ to 5.4.1, OpenJPA to
> 1.2.2, Aixs2 to 1.5.2, txmanager to 2.2.1, CXF to 2.1.10, Myfaces to
> 1.2.8, Derby to 10.5.3.0_1, WADI to 2.1.2 etc.
>
>
> Fixed vulnerabilities are:
>
> * CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD
> based XML attacks.
> * CVE-2010-1622: Spring Framework execution of arbitrary code
> * CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information
> Disclosure Vulnerability
>
>
> The individual jars and plugins have been available through maven
> repository, and you can also download the source jar and assemblies in
> download site[3].
>
> A big THANK YOU to all that contributed to this release!  Great work
> everyone!
>
> [1]
> http://svn.apache.org/repos/asf/geronimo/server/tags/geronimo-2.2.1/RELEASE_NOTES-2.2.1.txt
> [2]
> https://cwiki.apache.org/confluence/display/GMOxSITE/2.2.x+Security+Report
> [3]http://www.apache.org/dist/geronimo/2.2.1/
>
> --
> Shawn
>
>


-- 
Ivan

Re: [ANNOUNCE] Apache Geronimo 2.2.1 Release

Posted by han hongfang <ha...@gmail.com>.

Congrats~

On Mon, Dec 13, 2010 at 9:33 AM, Rex Wang <rw...@gmail.com> wrote:

> Congrats everyone!
>
> -Rex
>
>  2010/12/12 Shawn Jiang <ge...@gmail.com>
>
>>  The Apache Geronimo project is pleased to announce the available of
>> Apache Geronimo v2.2.1 server. This release includes many new features,
>> improvements, and bug fixes. Please see the detail information in 2.2.1
>> release notes[1] or 2.2.x Security Report[2].
>>
>> A couple of highlights are:
>>
>>    * Stateless Session Bean Failover support
>>  * Web console navigation improvements .
>>  * JMX over SSL improvements
>>  * Added built-in user "monitor" who only has read-only access to
>> monitoring pages.
>>  * Encrypt password strings in deployment plans
>>  * Start Derby NetworkServerControl with credentials to prevent
>> unauthorized shutdowns
>>  * Add db2 for iSeries tranql xa connector to server
>>  * Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, ActiveMQ to 5.4.1, OpenJPA
>> to 1.2.2, Aixs2 to 1.5.2, txmanager to 2.2.1, CXF to 2.1.10, Myfaces to
>> 1.2.8, Derby to 10.5.3.0_1, WADI to 2.1.2 etc.
>>
>>
>> Fixed vulnerabilities are:
>>
>>  * CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables
>> DTD based XML attacks.
>>  * CVE-2010-1622: Spring Framework execution of arbitrary code
>>  * CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information
>> Disclosure Vulnerability
>>
>>
>> The individual jars and plugins have been available through maven
>> repository, and you can also download the source jar and assemblies in
>> download site[3].
>>
>> A big THANK YOU to all that contributed to this release!  Great work
>> everyone!
>>
>> [1]
>> http://svn.apache.org/repos/asf/geronimo/server/tags/geronimo-2.2.1/RELEASE_NOTES-2.2.1.txt
>> [2]
>> https://cwiki.apache.org/confluence/display/GMOxSITE/2.2.x+Security+Report
>> [3]http://www.apache.org/dist/geronimo/2.2.1/
>>
>> --
>> Shawn
>>
>>
>
>
> --
> Lei Wang (Rex)
> rwonly AT apache.org
>



-- 
Best regards,

Han Hong Fang (Janet)
hanhongfang AT apache.org

Re: [ANNOUNCE] Apache Geronimo 2.2.1 Release

Posted by Rex Wang <rw...@gmail.com>.

Congrats everyone!

-Rex

2010/12/12 Shawn Jiang <ge...@gmail.com>

> The Apache Geronimo project is pleased to announce the available of Apache
> Geronimo v2.2.1 server. This release includes many new features,
> improvements, and bug fixes. Please see the detail information in 2.2.1
> release notes[1] or 2.2.x Security Report[2].
>
> A couple of highlights are:
>
> * Stateless Session Bean Failover support
> * Web console navigation improvements .
> * JMX over SSL improvements
> * Added built-in user "monitor" who only has read-only access to monitoring
> pages.
> * Encrypt password strings in deployment plans
> * Start Derby NetworkServerControl with credentials to prevent unauthorized
> shutdowns
> * Add db2 for iSeries tranql xa connector to server
> * Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, ActiveMQ to 5.4.1, OpenJPA to
> 1.2.2, Aixs2 to 1.5.2, txmanager to 2.2.1, CXF to 2.1.10, Myfaces to
> 1.2.8, Derby to 10.5.3.0_1, WADI to 2.1.2 etc.
>
>
> Fixed vulnerabilities are:
>
> * CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD
> based XML attacks.
> * CVE-2010-1622: Spring Framework execution of arbitrary code
> * CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information
> Disclosure Vulnerability
>
>
> The individual jars and plugins have been available through maven
> repository, and you can also download the source jar and assemblies in
> download site[3].
>
> A big THANK YOU to all that contributed to this release!  Great work
> everyone!
>
> [1]
> http://svn.apache.org/repos/asf/geronimo/server/tags/geronimo-2.2.1/RELEASE_NOTES-2.2.1.txt
> [2]
> https://cwiki.apache.org/confluence/display/GMOxSITE/2.2.x+Security+Report
> [3]http://www.apache.org/dist/geronimo/2.2.1/
>
> --
> Shawn
>
>


-- 
Lei Wang (Rex)
rwonly AT apache.org