A security hole has been found that allows JSP source to be viewed remotely.
This problem is present in the Jetty versions packaged as JBossWeb in JBoss versions 3.0.1 and 3.0.2. JBoss/Tomcat users need take NO action. Two upgrade paths are available : EITHER: Upgrade to JBoss 3.2 http://sourceforge.net/project/showfiles.php?group_id=22866 OR: download Jetty-4.1.0RC5 or above from : http://sourceforge.net/project/showfiles.php?group_id=7322 and replace the org.mortbay.jetty.jar and the org.mortbay.jmx.jars in your JBoss distrib's jbossweb.sar directories with the ones included in the lib/ directory of this package. Jules ------------------------------------------------------- This SF.NET email is sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development