Muss ich Dir wirklich erläutern, was "Stand der Technik" bedeutet? Aber nun gut, da Du nach einer klaren "sachlichen" Antwort gebeten hast. Nichts einfacher wie das: Hier der Link auf das Changelog der "aktuellen" (aus 2007, was für eine Farce) 2.2.6er Version was so alles in Deiner 2.2.5er an Bugs schlummert, einige davon klingen gar nicht mal so übel wenn ich böses im Schilde führen würde:

• Fixed cookie parsing bug, if the cookie value contains a '='
• Fixed SAX parsing of stores and remote resource description (allow multiple 'characters' call for one value)
• Removed an unneeded synchronization point in HTTPFrame.getURL()
• Added an extra SP when exporting auth headers with different components
• Fixed source code to remove 'enum' as it is now a keywork starting with JDK 1.5
• Fixed client connection deletion in connection reuse, it was leading to a leak in the client hashtable (and to lots of connections in CLOSE_WAIT).
• Fixed bug in DateParser (wrong timezone offset) thanks to Menno Jonkers
• Optimized a bit Digest Auth (the RFC2069 one) and implemented Digest Auth with qop="auth" per RFC2617 (available with SecurityLevel set to 2), See DigestQopAuthPrincipal
• Fixed a few WebDAV properties that were using wrong formats
• HeaderFilter now sets the relevant headers even when the reply is sent via the exception mechanism.
• More SSL and servlet related patches from Thomas Kopp.
• ActiveStream patch, under some condition, the same data could be re-read a data chunk (thanks to Doug Borland)
• The servlet parameter decoding now uses the right charset.
• Fixed error when file timestamp was not modified but the file was actually modified.
• Fixed deadlock during store change notification when the sweeper is running (very rare)
• Fixed server client count when load is raising from LIGHT to DEAD
• Fixed Segment information unpickle, as the segment start and size were not properly parsed, leading to an infinite loop
• More SSL patches from Thomas Kopp, see changelog for more details.
• Fixed connection count when MimeParser did not started and connection was new.
• Client stack now reuses the connection timeout parameter.

„einige davon klingen gar nicht mal so übel wenn ich böses im Schilde führen würde“

Mit Verlaub, aber Du führst Böses im Schilde.