Edit Page
 Index > 2010 > 12 > 11 > Apache Geronimo v2.2.1 - Released User List | Dev List | Wiki | Issue Tracker  
  Overview
Home
Documentation
Downloads
News Archive
Project Management
License
Privacy Policy
ASF
  Search
Powered by Google Search
  Community
Events
Get Involved
Committers
Mailing Lists
Discussion Forums
Blog
IRC
FAQ
Wiki
Found a Bug?
Security Reports
Service and Support
ASF Sponsorship
ASF Thanks!
  Development
Javadoc
XML Schemas
Source Code
Coding Standards
Issue Tracker
Related Projects
Release Roadmaps
  Subprojects
Development Tools
Sample Applications
GBuild
GShell
XBean
Yoko
Java EE Specs
Components
Plugins
RSS News
RSS Site Changes
ATOM User Mailing List
ATOM Developer Mailing List

Dec 11, 2010

The Apache Geronimo project is pleased to announce the available of Apache Geronimo v2.2.1 server. This release includes many new features, improvements, and bug fixes. Please see information in 2.2.1 release notes  or 2.2.x Security Report for details.

A couple of highlights are:

  • Stateless Session Bean Failover support
  • Web console navigation improvements .
  • JMX over SSL improvements
  • Added built-in user "monitor" who only has read-only access to monitoring pages.
  • Encrypt password strings in deployment plans
  • Start Derby NetworkServerControl with credentials to prevent unauthorized shutdowns
  • Add db2 for iSeries tranql xa connector to server
  • Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, Derby to 10.5.3.0_1,ActiveMQ to 5.4.1,OpenJPA to 1.2.2,txmanager to 2.2.1,WADI to 2.1.2,CXF to 2.1.10,Myfaces to 1.2.8,Aixs2 to 1.5.2,javamail to 1.8.2 etc.

Fixed vulnerabilities are:

  • CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.
  • CVE-2010-1622: Spring Framework execution of arbitrary code
  • CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability

Visit the Downloads page for details on downloading Apache Geronimo v2.2.1 server assemblies.