<module name="org.apache.geronimo.configs/openejb/2.0.1/car">
<gbean name="EJBNetworkService">
<attribute name="host">127.0.0.1</attribute>
</gbean>
</module>-Donald Anita Kulshreshtha wrote:
All, We have discovered a security vulnerability in Geronimo, where themanagement EJB (MEJB) allows unchallenged access to Geronimo internals. A temporary workaround is to make the following modifications to the configuration file at <GERONIMO_HOME>/var/config.xml. This will disable MEJB. <module name="org.apache.geronimo.configs/openejb/2.0.1/car"> <gbean name="EJBNetworkService"> ......................................... </gbean> <gbean load="false" name="ejb/mgmt/MEJB"/> </module> We will be releasing a new version soon to control access to MEJB in a more secure way. This issue will be tracked in https://issues.apache.org/jira/browse/GERONIMO-3456 Thanks Anita____________________________________________________________________________________ Sick sense of humor? Visit Yahoo! TV's Comedy with an Edge to see what's on, when. http://tv.yahoo.com/collections/222
smime.p7s
Description: S/MIME Cryptographic Signature
