|
| 1.1.2.10 | modified | starksm | jmx/src/main/org/jboss/mx/loading/LoadMgr3.java | Missed the setting of the class resource when not running with a security manager |
| 1.1.2.10 | modified | starksm | varia/src/main/org/jboss/invocation/http/servlet/InvokerServlet.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.4.3 | modified | starksm | jboss.net/src/main/org/jboss/net/axis/server/JBossAuthenticationHandler.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | server/src/main/org/jboss/security/GetPrincipalInfoAction.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.10.4.2 | modified | starksm | server/src/main/org/jboss/security/SecurityAssociation.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.4.2 | modified | starksm | server/src/main/org/jboss/security/SecurityAssociationAuthenticator.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.3.4.1 | modified | starksm | server/src/main/org/jboss/proxy/compiler/Runtime.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.9.2.3 | modified | starksm | server/src/main/org/jboss/proxy/ejb/handle/StatefulHandleImpl.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.8.4.2 | modified | starksm | server/src/main/org/jboss/naming/ENCFactory.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.4.2.3 | modified | starksm | server/src/main/org/jboss/proxy/SecurityInterceptor.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.4 | modified | starksm | server/src/main/org/jboss/invocation/InvocationStatistics.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.4.2.1 | modified | starksm | server/src/main/org/jboss/invocation/MarshalledValueOutputStream.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.7.2.3 | modified | starksm | server/src/main/org/jboss/invocation/local/LocalInvoker.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.50.2.16 | modified | starksm | server/src/main/org/jboss/ejb/plugins/jms/JMSContainerInvoker.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.2.2.6 | modified | starksm | server/src/main/org/jboss/ejb/plugins/local/BaseLocalProxyFactory.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.6 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc2/bridge/JDBCCMRFieldBridge2.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/metadata/GetTCLAction.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.3 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/metadata/JDBCAuditMetaData.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.2.2.2 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/metadata/JDBCEntityCommandMetaData.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.17.4.24 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/metadata/JDBCEntityMetaData.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.3 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/metadata/JDBCOptimisticLockingMetaData.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/keygen/GetTCLAction.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.3 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/keygen/JDBCInformixCreateCommand.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.2 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/keygen/JDBCMySQLCreateCommand.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.43.2.67 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/bridge/JDBCCMRFieldBridge.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.5 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/CascadeDeleteStrategy.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.7.4.7 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/JDBCQueryManager.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.11.2.16 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/JDBCTypeFactory.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | server/src/main/org/jboss/ejb/plugins/cmp/jdbc/TCLStack.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.32.2.12 | modified | starksm | server/src/main/org/jboss/ejb/plugins/AbstractInstanceCache.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.5.4.10 | modified | starksm | server/src/main/org/jboss/ejb/plugins/EntityMultiInstanceSynchronizationInterceptor.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.67.2.20 | modified | starksm | server/src/main/org/jboss/ejb/plugins/EntitySynchronizationInterceptor.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.32.2.3 | modified | starksm | server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.9.2.1 | modified | starksm | server/src/main/org/jboss/ejb/plugins/SessionObjectInputStream.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.8.2.1 | modified | starksm | server/src/main/org/jboss/ejb/plugins/SessionObjectOutputStream.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | server/src/main/org/jboss/ejb/plugins/SetPrincipalInfoAction.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.40.2.3 | modified | starksm | server/src/main/org/jboss/ejb/plugins/StatefulSessionFilePersistenceManager.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.31.2.7 | modified | starksm | server/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | server/src/main/org/jboss/ejb/plugins/TCLStack.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.27.2.14 | modified | starksm | server/src/main/org/jboss/ejb/plugins/TxInterceptorCMT.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.96.2.21 | modified | starksm | server/src/main/org/jboss/ejb/Container.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.4.2.8 | modified | starksm | server/src/main/org/jboss/ejb/GlobalTxEntityMap.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.8.2.22 | modified | starksm | connector/src/main/org/jboss/resource/connectionmanager/JBossManagedConnectionPool.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.4.1 | modified | starksm | connector/src/main/org/jboss/resource/connectionmanager/PoolFiller.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.3.2.6 | modified | starksm | connector/src/main/org/jboss/resource/security/AbstractPasswordCredentialLoginModule.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.3.2.5 | modified | starksm | connector/src/main/org/jboss/resource/security/CallerIdentityLoginModule.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.6.2.4 | modified | starksm | connector/src/main/org/jboss/resource/security/ConfiguredIdentityLoginModule.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | connector/src/main/org/jboss/resource/security/GetPrincipalInfoAction.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.2 | modified | starksm | connector/src/main/org/jboss/resource/security/SecureIdentityLoginModule.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | connector/src/main/org/jboss/resource/security/SubjectActions.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.2.2.2 | modified | starksm | connector/src/main/org/jboss/resource/adapter/jms/JmsCred.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.18.2.26 | modified | starksm | connector/src/main/org/jboss/resource/connectionmanager/BaseConnectionManager2.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.4.2.13 | modified | starksm | connector/src/main/org/jboss/resource/adapter/jdbc/BaseWrapperManagedConnectionFactory.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.1.1.2.7 | modified | starksm | tomcat/src/main/org/jboss/web/tomcat/security/JBossSecurityMgrRealm.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationActions.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.1.1.2.3 | modified | starksm | tomcat/src/main/org/jboss/web/tomcat/security/SecurityAssociationValve.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.6.2.8 | modified | starksm | security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.4.2.1 | modified | starksm | security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.27.2.11 | modified | starksm | security/src/main/org/jboss/security/plugins/JaasSecurityManager.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.12.4.13 | modified | starksm | security/src/main/org/jboss/security/plugins/JaasSecurityManagerService.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.3.4.5 | modified | starksm | security/src/main/org/jboss/security/ClientLoginModule.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.1 | modified | starksm | security/src/main/org/jboss/security/SecurityAssociationActions.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.1.2.2 | modified | starksm | security/src/main/org/jboss/security/AltClientLoginModule.java | Update the use of priviledged code blocks to isolate the actions that shouldbe permissioned based on the jboss permissions vs user code |
| 1.9.2.14 | modified | starksm | jmx/src/main/org/jboss/mx/server/AbstractMBeanInvoker.java | Move the TCLStack to a package protected class so that the jmx codebasepriviledges determine the ability to manipulate the TCL. |
| 1.4.2.4 | modified | starksm | jmx/src/main/org/jboss/mx/server/RawDynamicInvoker.java | Move the TCLStack to a package protected class so that the jmx codebasepriviledges determine the ability to manipulate the TCL. |
| 1.1.2.1 | modified | starksm | jmx/src/main/org/jboss/mx/server/TCLStack.java | Move the TCLStack to a package protected class so that the jmx codebasepriviledges determine the ability to manipulate the TCL. |
| 1.2.4.5 | deleted | starksm | common/src/main/org/jboss/util/TCLStack.java | Remove the TCLStack as its a security issue since it allowed unpriviledgedcode to manipulate the TCL. |
