After agonizing over this on IRC let's put in 2313. Close the door and start
testing.
David Jencks wrote:
GERONIMO-2313 is a fairly serious security problem: basically ejb
security is totally broken when the ejb is called from a web app.
I think this could be merged easily from the 1.1 branch into 1.1.1,
however it requires openejb changes as well.
Alan suggested that since 1.1.1 is already delayed for security problems
we might want to include this fix as well.
I think this is a good idea but wait for Matt the release manager's
approval.
thanks
david jencks
