Hi! Just got the following link over from JBoss people:
http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/

They claim that the way we do our client side state encryption is flawed (as is the one of Mojarra). Any actions we should take?

LieGrue,
strub
