Re: notice: javaserverfaces/mojarra is read-only now
toggle quoted messageShow quoted text
We contribute fixes for legacy versions of Mojarra (often for 2.2.x, rarely for 2.1.x, and only for security vulnerabilities in 1.2.x). We want to be able to continue contributing fixes and repairs for our mutual customers and community. Mojarra 2.2.x (JavaEE 7) is still widely used and probably needs to be updated quarterly. 2.1.x only needs to be updated when serious bugs or security vulnerabilities are fixed, so once or twice a year. Security issues are the only reason that 1.2.x needs to be updated, so in the rare instance that a security bug is found in 1.2.x, it would need to be updated.
On Tue, Apr 24, 2018 at 11:40 AM, Ed Bratt <ed.bratt@...> wrote: