Blog

2008-08-05
The Apache Geronimo project is pleased to announce the new v2.1.2 release. This release is primarily a maintenance upgrade that pulls together fixes not only for Geronimo but also other key components included in the server. Improvements have been made in the administrative console, GShell command line processing, messages, and numerous other areas. Details of the fixes included can be seen in the Release Notes. Many issues have also been resolved in newer versions of core components that have been included in this Geronimo release. Geronimo v2.1.2 component upgrades include Tomcat 6.0.16, CXF 2.0.8, JavaMail 1.5, MyFaces 1.2.3, WADI 2.0, and Yoko 1.0 among others.

Visit the Downloads page for details on downloading Apache Geronimo v2.1.2.

2008-04-28
The Apache Geronimo project is pleased to announce the new v2.1.1 release. This release is primarily a maintenance upgrade that pulls together fixes not only for Geronimo but also other key components included in the server. Among the many fixes listed in the Release Notes is the fix for the console PortletSecurityException when https is utilized (GERONIMO-3855), fixes to support plugin management, fixes for monitoring and other Administration Console functions, and many additional fixes. Many issues have also been resolved in newer versions of core components that have been included in this Geronimo release. Geronimo v2.1.1 includes OpenEJB 3.0, OpenJPA 1.0.2, JavaMail 1.4, ActiveMQ 4.1.2, ActiveIO 3.0.1, WADI 2.0-M10, and an updated TranQL connector for DB2 XA.

Visit the Downloads page for details on downloading Apache Geronimo v2.1.1.

April 7-11, 2008 - ApacheCon EU 2008, Amsterdam

Wednesday, Apr 09 11:30 Securing Java EE 5.0 Applications with Apache Geronimo by Vamsavardhana Reddy
Friday, Apr 11 10:00 Administering Apache Geronimo 2.x by Vamsavardhana Reddy
Visit ApacheCon EU 2008 for more information.

2008-02-18
The Apache Geronimo project is pleased to announce the new v2.1 release. This release represents the latest open source Java Enterprise Edition 5.0 application server from the Apache Geronimo project, and continues the evolution of the Apache Geronimo server by adding new features and capabilities to a fully compliant and certified Java Enterprise Edition 5.0 container suitable for everything from a development environment to enterprise-level deployments.

Significant changes in this release include custom server assembly capabilities, a more flexible Administration Console, a command-line processing environment, enhanced clustering support for web applications and a server monitoring plugin. See the RELEASE-NOTES-2.1.TXT for further details.

Visit the Downloads page for details on downloading Apache Geronimo v2.1.

November 8, 2007 - Irish Java Technology Conference

Thursday Nov. 8, 16:45 to 18:00 Track 1 - Apache Geronimo: Leveraging Open Source by Jeff Genender.

Check the Irish Java Technology Conference for calendar updates.

2007-10-19
The Apache Geronimo project is pleased to announce the new v2.0.2 release. This release represents the latest open source Java Enterprise Edition 5.0 application server from the Apache Geronimo project, and continues the evolution of the Apache Geronimo server by adding new features and capabilities to a fully compliant and certified Java Enterprise Edition 5.0 container suitable for everything from a development environment to enterprise-level deployments.

Significant changes in this release include MEJB security, new default JNDI names for EJBs, an updated CA Helper application and numerous bug fixes. See the RELEASE-NOTES-2.0.2.TXT for further details.

Visit the Downloads page for details on downloading Apache Geronimo v2.0.2.

2007-10-18

We have learned of a security vulnerability in the Apache Tomcat Webdav Servlet implementation. If you use the Tomcat distribution of Geronimo and configure a write-enabled Webdav servlet, you may be affected by this vulnerability. If you do not configure the Webdav servlet or configure read-only Webdav servlets, you are not impacted by this vulnerability. Jetty configurations of Geronimo are not affected by this vulnerability.

This vulnerability impacts all Geronimo releases up to and including Geronimo 2.0.2. Read the full article for further details and a workaround.

For specific information regarding the Tomcat issue, see http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3c47135C2D.1000705@apache.org%3e

By default, Geronimo releases do not use the Webdav servlet. However, it is possible for the Webdav Servlet to be configured or referenced by a user-written application.

The Webdav Servlet could be explicitly configured in a web.xml deployment descriptor as follows:

    ...
    <servlet>
        <servlet-name>webdav</servlet-name>
        <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
        <init-param>
          <param-name>readonly</param-name>
          <param-value>false</param-value>
        </init-param>
    </servlet>

Alternatively, a user's application could extend the WebdavServlet, for example:

    import org.apache.catalina.servlets.WebdavServlet;

    public class MyServlet extends WebdavServlet {
        ...
    }

If you configure a write-enabled Webdav servlet, we recommend that you:

  • Disable write access to the Webdav Servlet until this problem has been fixed, or
  • Limit access to the Webdav servlet to only trusted users.

This vulnerability will be fixed in the next release of Geronimo (2.0.3 and/or 2.1).
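To find the configurations this advisory describes, the following added example (not part of the original advisory or of Geronimo) scans a web.xml for write-enabled WebDAV servlets and reports which of their URL patterns have no auth-constraint covering every HTTP method. It assumes exact url-pattern matching between mappings and constraints; `extra_classes` is a hypothetical parameter for naming your own WebdavServlet subclasses, and the sample descriptor is constructed.

```python
import xml.etree.ElementTree as ET

WEBDAV_CLASS = "org.apache.catalina.servlets.WebdavServlet"

def _kids(elem, name):
    # Compare local names so descriptors with or without an XML namespace match.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, name):
    return "".join((k.text or "").strip() for k in _kids(elem, name)[:1])

def audit_webdav(web_xml, extra_classes=()):
    """List write-enabled WebDAV servlets and their unrestricted URL patterns."""
    root = ET.fromstring(web_xml)
    classes = {WEBDAV_CLASS, *extra_classes}  # extra_classes: your WebdavServlet subclasses
    guarded = set()  # patterns under an auth-constraint that applies to every HTTP method
    for sc in _kids(root, "security-constraint"):
        if not _kids(sc, "auth-constraint"):
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            if not _kids(wrc, "http-method"):  # a method list leaves other methods open
                guarded.update((p.text or "").strip() for p in _kids(wrc, "url-pattern"))
    findings = []
    for servlet in _kids(root, "servlet"):
        if _text(servlet, "servlet-class") not in classes:
            continue
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in _kids(servlet, "init-param")}
        # Absent readonly is read-only (Tomcat's default); any other explicit value is flagged.
        if params.get("readonly", "true").lower() == "true":
            continue
        name = _text(servlet, "servlet-name")
        patterns = [(p.text or "").strip() for m in _kids(root, "servlet-mapping")
                    if _text(m, "servlet-name") == name for p in _kids(m, "url-pattern")]
        findings.append({"servlet": name, "patterns": patterns,
                         "unrestricted": [p for p in patterns if p not in guarded]})
    return findings

# Constructed sample descriptor (not taken from the advisory).
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet><servlet-name>webdav</servlet-name>
    <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param></servlet>
  <servlet-mapping><servlet-name>webdav</servlet-name>
    <url-pattern>/dav/*</url-pattern><url-pattern>/edit/*</url-pattern></servlet-mapping>
  <security-constraint><web-resource-collection><web-resource-name>edit</web-resource-name>
    <url-pattern>/edit/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>editor</role-name></auth-constraint></security-constraint>
</web-app>"""
print(audit_webdav(SAMPLE))
```

Any entry with a non-empty `unrestricted` list is a write-enabled WebDAV path that neither of the two recommendations above has been applied to.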

November 26-30, 2007 - OS Summit Asia 2007, Hong Kong

Monday Nov 26 14:30 Securing Java EE Applications in Apache Geronimo by Vamsavardhana Reddy.
Monday Nov 26 10:00 Java EE 5 App Development on Geronimo simplified using Eclipse & WTP by Shiva Kumar.

Check OS Summit Asia 2007 for calendar updates.

November 6-8, 2007 - EclipseWorld 2007, Reston, VA

Thursday, Nov. 8, 08:30 am 503 Introduction to Developing, Debugging and Profiling Java EE Applications by Tim McConnell
Thursday, Nov. 8, 10:00 am 603 Advanced Developing, Debugging and Profiling Java EE Applications by Tim McConnell

Visit EclipseWorld 2007 for more information.

In November, two big events. Two opportunities to learn more about security and tooling available in Geronimo.

  • ApacheCon US 2007, Atlanta
  • OS Summit Asia 2007, Hong Kong

Check the Events page for details.


November 12-16, 2007 - ApacheCon US 2007, Atlanta

Tuesday, Nov 13 14:30 Securing Java EE Applications in Apache Geronimo by Vamsavardhana Reddy.
Tuesday, Nov 13 10:00 Java EE 5.0 App Development on Geronimo simplified using Eclipse by Shiva Kumar.

Check ApacheCon Atlanta 2007 for calendar updates.



MEJB Security Alert

2007-09-06
We have discovered a security vulnerability in Geronimo, where the management EJB (MEJB) allows unchallenged access to Geronimo internals.
As a temporary workaround you can modify the config.xml to disable MEJB.

To disable MEJB make the following modifications to the configuration file at <geronimo_home>/var/config.xml.

Excerpt from config.xml
...
<module name="org.apache.geronimo.configs/openejb/2.0.1/car">
    <gbean name="EJBNetworkService">
    ...
    </gbean>
    <gbean load="false" name="ejb/mgmt/MEJB"/>
</module>
...

We will be releasing a new version soon to control access to MEJB in a more secure way. This issue will be tracked in JIRA GERONIMO-3456.

2007-08-20
This release represents the latest open source Java Enterprise Edition 5.0 application server from the Apache Geronimo project, and continues the evolution of the Apache Geronimo server by adding new features and capabilities to a fully compliant and certified Java Enterprise Edition 5.0 container suitable for everything from a development environment to enterprise-level deployments.

The newly released Apache Geronimo 2.0.1 breaks new ground as the first open source Application Server to provide two certified JAX-WS Web Services implementations: Apache Axis2 and Apache CXF. This capability further highlights the flexibility of Apache Geronimo which also provides two certified web container implementations: Apache Tomcat and Jetty.

Geronimo 2.0.1 also introduces new features such as simplified development, improved diagnostics and flexible assemblies. Simplified deployment is achieved through the use of standards based programming model enhancements found in Java Enterprise Edition 5.0. This includes support for the Enterprise JavaBeans (EJB3) specification as implemented by the Apache OpenEJB and Apache OpenJPA projects. Here is a list of some of these programming enhancements:

  • Streamlined development options provided with Java Enterprise Edition 5.0
  • EJB 3.0 persistence (Java Persistence Architecture)
  • A programming model that uses annotations to express developer defaults in the source code

Improved diagnostic capabilities include enhanced logging, a class loader viewer and a JMX browser, all available from the web-based console. Change logging levels on the fly and view existing logs with a set of filters. Looking for a class and wondering where it came from? The class loader viewer lets you find it. Want to see or change the attributes of MBeans in the server? The JMX browser allows you to navigate the MBeans in the server in a simple tree format without having to hook up external consoles or third-party products. In addition, the Certification Authority portlet provides a user-friendly interface to set up a Certification Authority, your own Public-Key Infrastructure, and use server/client Digital Certificates for securing your applications.

Flexible assemblies are realized through the project's continued promotion of the "Little G" 2.0.1, a lightweight container offering for projects that don't need the full feature set of Java Enterprise Edition 5.0. Perfect for web-service and SOA deployments, "Little G" brings the modularity, manageability and extensibility of Apache Geronimo to a lightweight assembly that is small in footprint but full of capability.

This flexible, user-friendly, and easy-to-configure application server is built from best-of-breed open source components and is fully licensed under the Apache Software License, offering multiple benefits to organizations and their development teams. They can use Apache Geronimo as-is or, if they so choose, create their own custom offerings without the restrictions imposed by other open source licenses. Flexibility and choice, you have both with Apache Geronimo.

Visit the Downloads page for details on downloading Apache Geronimo v2.0.1.

2007-08-13
A security bug was detected earlier today in the deployment module of Apache Geronimo 2.0. The command line deployer tool allowed deployment, both local and remote, without specifying user and password. The source of this problem has been identified and the fix is currently being tested; refer to JIRA-3404 for further details.

Apache Geronimo v2.0 was just in the process of being released; however, given the sensitivity of this bug, the release has been brought to a halt. We are currently discussing alternatives for continuing the release process on the mailing list. Here is the link to the thread holding this discussion: Geronimo 2.0 Release suspended due to security issue found before release

2007-06-04
The Apache Geronimo project is pleased to announce that we have passed all tests in the Sun Compatibility Test Suite for Java Enterprise Edition 5.0. This is a significant milestone for the project. The 2.0-M6 release is currently in the packaging stage but early binaries can be found here. Join the Apache Geronimo Community in celebrating this significant event.

The official 2.0 release of Apache Geronimo is anticipated at the end of June / early July. Stay tuned!

2007-04-29
This new milestone release of Apache Geronimo represents yet another snapshot of our progress towards a Java Enterprise Edition 5.0 Server runtime.


Overall this new milestone release is more stable and includes additional and enhanced support to the features integrated in the previous milestone releases. Review the 2.0-M5 Release Notes for further details on these updates.

This is a milestone release so it is not recommended for high load deployments. The Apache Geronimo team would very much like user feedback so we can meet your needs as we continue the Drive to Five. See the Downloads page for download information.