Let me clarify: What I am saying is that upstream is no longer maintaining it. The Glassfish open source team has made a commit in v2 since 2010.
On Wed, Jul 18, 2012 at 10:39 AM, Benjamin Jaton <[email protected]>wrote: > Hello, > > The packages glassfish-* shipped in all the version of Debian are version > 2.1.1. > The glassfish v2 open souce code hasn't received any updates since 2010, > not even critical security updates. > ( https://svn.java.net/svn/glassfish~svn/trunk/v2/ ) > Only the Oracle Enterprise version is still maintained. > Even if those are not the full server stack ( > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may > contains security flaws. > We just don't know, right? > > The v3 version is very stable and actively maintained. I would consider > shipping it instead of v2. > > Thanks, > Benjamin Jaton
