I've finished with my second major round of security changes. I've added a Wiki page describing the current Security state and a bullet list of the outstanding items that we're aware of.
http://wiki.apache.org/geronimo/Security Aaron P.S. The Wiki said it was mailing commit messages to [EMAIL PROTECTED] but I haven't actually received them -- I wonder if there's spam blocking going on or what.
