Description: Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear-text messages which were supposed to be encrypted.
This security issue is fixed by Apache MINA 2.0.21 or Apache MINA 2.0.21. Please migrate to those new versions. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com