You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openwebbeans.apache.org by Jean-Louis Monteiro <jl...@tomitribe.com> on 2022/05/24 11:08:17 UTC
Tomcat 7.x EOL
Hi,
I was doing some dependency updates on OpenWebBeans and wanted to do a
release and I noticed we still have Tomcat 7.x in OWB.
Shouldn't we try to move to the latest javax compatible version (aka 9.x)?
Tomcat 7.x is EOL and has many CVEs.
What do you think?
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
Re: Tomcat 7.x EOL
Posted by Jean-Louis MONTEIRO <je...@gmail.com>.
Thanks for the feedback. I'll create a ticket and execute on it
Le ven. 3 juin 2022 à 16:21, Rémy Maucherat <re...@apache.org> a écrit :
> On Tue, May 24, 2022 at 2:10 PM Romain Manni-Bucau
> <rm...@gmail.com> wrote:
> >
> > Hi,
> >
> > Since Tomcat enhanced InstanceManager I guess we can upgrade and
> decrease a
> > lot the hacks/reflection we used by the past.
> > Only open point on my side is: is it worth having a tomcat integration? I
> > know very few users of that but generally speaking the web integration is
> > really sufficient so do we want to keep it or let tomcat handle it -
> > https://github.com/apache/tomcat/tree/main/modules/owb?
>
> No problem, I'll keep on doing it (just in case someone comes along
> wanting something that depends on cdi). For sure you should
> immediately remove any code that depends on or supports Tomcat 7.
>
> Rémy
>
> > Romain Manni-Bucau
> > @rmannibucau <https://twitter.com/rmannibucau> | Blog
> > <https://rmannibucau.metawerx.net/> | Old Blog
> > <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> > LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> > <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
> >
> >
> > Le mar. 24 mai 2022 à 13:09, Jean-Louis Monteiro <
> jlmonteiro@tomitribe.com>
> > a écrit :
> >
> > > Hi,
> > >
> > > I was doing some dependency updates on OpenWebBeans and wanted to do a
> > > release and I noticed we still have Tomcat 7.x in OWB.
> > >
> > > Shouldn't we try to move to the latest javax compatible version (aka
> 9.x)?
> > > Tomcat 7.x is EOL and has many CVEs.
> > >
> > > What do you think?
> > > --
> > > Jean-Louis Monteiro
> > > http://twitter.com/jlouismonteiro
> > > http://www.tomitribe.com
> > >
>
Re: Tomcat 7.x EOL
Posted by Rémy Maucherat <re...@apache.org>.
On Tue, May 24, 2022 at 2:10 PM Romain Manni-Bucau
<rm...@gmail.com> wrote:
>
> Hi,
>
> Since Tomcat enhanced InstanceManager I guess we can upgrade and decrease a
> lot the hacks/reflection we used by the past.
> Only open point on my side is: is it worth having a tomcat integration? I
> know very few users of that but generally speaking the web integration is
> really sufficient so do we want to keep it or let tomcat handle it -
> https://github.com/apache/tomcat/tree/main/modules/owb?
No problem, I'll keep on doing it (just in case someone comes along
wanting something that depends on cdi). For sure you should
immediately remove any code that depends on or supports Tomcat 7.
Rémy
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> | Blog
> <https://rmannibucau.metawerx.net/> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> <https://www.packtpub.com/application-development/java-ee-8-high-performance>
>
>
> Le mar. 24 mai 2022 à 13:09, Jean-Louis Monteiro <jl...@tomitribe.com>
> a écrit :
>
> > Hi,
> >
> > I was doing some dependency updates on OpenWebBeans and wanted to do a
> > release and I noticed we still have Tomcat 7.x in OWB.
> >
> > Shouldn't we try to move to the latest javax compatible version (aka 9.x)?
> > Tomcat 7.x is EOL and has many CVEs.
> >
> > What do you think?
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
> >
Re: Tomcat 7.x EOL
Posted by Mark Struberg <st...@yahoo.de.INVALID>.
+1 let's get rid of it!
LieGrue,
strub
> Am 24.05.2022 um 15:48 schrieb Jean-Louis MONTEIRO <je...@gmail.com>:
>
> I don't think they do much with it either to be honest.
> If we keep it, I would upgrade Tomcat in OWB.
> If we yank the integration because it's not used anyways, I'm ok with it.
>
> Le mar. 24 mai 2022 à 14:10, Romain Manni-Bucau <rm...@gmail.com> a
> écrit :
>
>> Hi,
>>
>> Since Tomcat enhanced InstanceManager I guess we can upgrade and decrease a
>> lot the hacks/reflection we used by the past.
>> Only open point on my side is: is it worth having a tomcat integration? I
>> know very few users of that but generally speaking the web integration is
>> really sufficient so do we want to keep it or let tomcat handle it -
>> https://github.com/apache/tomcat/tree/main/modules/owb?
>>
>> Romain Manni-Bucau
>> @rmannibucau <https://twitter.com/rmannibucau> | Blog
>> <https://rmannibucau.metawerx.net/> | Old Blog
>> <http://rmannibucau.wordpress.com> | Github <
>> https://github.com/rmannibucau> |
>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
>> <
>> https://www.packtpub.com/application-development/java-ee-8-high-performance
>>>
>>
>>
>> Le mar. 24 mai 2022 à 13:09, Jean-Louis Monteiro <jlmonteiro@tomitribe.com
>>>
>> a écrit :
>>
>>> Hi,
>>>
>>> I was doing some dependency updates on OpenWebBeans and wanted to do a
>>> release and I noticed we still have Tomcat 7.x in OWB.
>>>
>>> Shouldn't we try to move to the latest javax compatible version (aka
>> 9.x)?
>>> Tomcat 7.x is EOL and has many CVEs.
>>>
>>> What do you think?
>>> --
>>> Jean-Louis Monteiro
>>> http://twitter.com/jlouismonteiro
>>> http://www.tomitribe.com
>>>
>>
>
>
> --
> Jean-Louis
Re: Tomcat 7.x EOL
Posted by Jean-Louis MONTEIRO <je...@gmail.com>.
I don't think they do much with it either to be honest.
If we keep it, I would upgrade Tomcat in OWB.
If we yank the integration because it's not used anyways, I'm ok with it.
Le mar. 24 mai 2022 à 14:10, Romain Manni-Bucau <rm...@gmail.com> a
écrit :
> Hi,
>
> Since Tomcat enhanced InstanceManager I guess we can upgrade and decrease a
> lot the hacks/reflection we used by the past.
> Only open point on my side is: is it worth having a tomcat integration? I
> know very few users of that but generally speaking the web integration is
> really sufficient so do we want to keep it or let tomcat handle it -
> https://github.com/apache/tomcat/tree/main/modules/owb?
>
> Romain Manni-Bucau
> @rmannibucau <https://twitter.com/rmannibucau> | Blog
> <https://rmannibucau.metawerx.net/> | Old Blog
> <http://rmannibucau.wordpress.com> | Github <
> https://github.com/rmannibucau> |
> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
> <
> https://www.packtpub.com/application-development/java-ee-8-high-performance
> >
>
>
> Le mar. 24 mai 2022 à 13:09, Jean-Louis Monteiro <jlmonteiro@tomitribe.com
> >
> a écrit :
>
> > Hi,
> >
> > I was doing some dependency updates on OpenWebBeans and wanted to do a
> > release and I noticed we still have Tomcat 7.x in OWB.
> >
> > Shouldn't we try to move to the latest javax compatible version (aka
> 9.x)?
> > Tomcat 7.x is EOL and has many CVEs.
> >
> > What do you think?
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
> >
>
--
Jean-Louis
Re: Tomcat 7.x EOL
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi,
Since Tomcat enhanced InstanceManager I guess we can upgrade and decrease a
lot the hacks/reflection we used by the past.
Only open point on my side is: is it worth having a tomcat integration? I
know very few users of that but generally speaking the web integration is
really sufficient so do we want to keep it or let tomcat handle it -
https://github.com/apache/tomcat/tree/main/modules/owb?
Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> | Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>
Le mar. 24 mai 2022 à 13:09, Jean-Louis Monteiro <jl...@tomitribe.com>
a écrit :
> Hi,
>
> I was doing some dependency updates on OpenWebBeans and wanted to do a
> release and I noticed we still have Tomcat 7.x in OWB.
>
> Shouldn't we try to move to the latest javax compatible version (aka 9.x)?
> Tomcat 7.x is EOL and has many CVEs.
>
> What do you think?
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>