geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn Jiang <>
Subject [ANNOUNCE] Apache Geronimo 2.2.1 Release
Date Sat, 11 Dec 2010 16:32:56 GMT
The Apache Geronimo project is pleased to announce the available of Apache
Geronimo v2.2.1 server. This release includes many new features,
improvements, and bug fixes. Please see the detail information in 2.2.1
release notes[1] or 2.2.x Security Report[2].

A couple of highlights are:

* Stateless Session Bean Failover support
* Web console navigation improvements .
* JMX over SSL improvements
* Added built-in user "monitor" who only has read-only access to monitoring
* Encrypt password strings in deployment plans
* Start Derby NetworkServerControl with credentials to prevent unauthorized
* Add db2 for iSeries tranql xa connector to server
* Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, ActiveMQ to 5.4.1, OpenJPA to
1.2.2, Aixs2 to 1.5.2, txmanager to 2.2.1, CXF to 2.1.10, Myfaces to
1.2.8, Derby to, WADI to 2.1.2 etc.

Fixed vulnerabilities are:

* CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD
based XML attacks.
* CVE-2010-1622: Spring Framework execution of arbitrary code
* CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information
Disclosure Vulnerability

The individual jars and plugins have been available through maven
repository, and you can also download the source jar and assemblies in
download site[3].

A big THANK YOU to all that contributed to this release!  Great work



View raw message