The recent problems detected in LoginModule implementation are also applicable to code in branches\1.2, branches\1.1 etc. Though it has not resulted in a security issue in other releases as serious as the one Donald has unearthed in 2.0 release, the code is not as per what JAAS recommends. Should we worry about fixing these LoginModule implementation classes in other branches?
Vamsi