On Fri, 30 Mar 2012 09:09:36 -0300, trsvax <trs...@gmail.com> wrote:

There is an interesting paper on the Sonatype site.

http://www.sonatype.com/Products/Sonatype-Insight/Why-Insight/Mitigate-Security-Risks/Security-Brief

Tapestry is listed in the top open source downloads with a security
vulnerability. Unfortunately they don't say what version or what the
vulnerability is but it does have an interesting chart with download
numbers.

Without that info, that article is almost worthless for Tapestry itself. If someone finds a vulnerability in Tapestry, please let us know, file a JIRA, and we'll fix it. This has been done already at least once, by the way.

Personally I'm not too worried about this because I think every piece of
software has problems, so you fix them and move on. One point I'd agree with: using old versions with known issues is a problem.

Agreed. :)

--
Thiago H. de Paula Figueiredo
Independent Java, Apache Tapestry 5 and Hibernate consultant, developer, and instructor
Owner, Ars Machina Tecnologia da Informação Ltda.
http://www.arsmachina.com.br
