According to upstream, this version is affected, while Glassfish 188.8.131.52 or
later isn't. Also, take into account that Debian's current version has reached
BTW: why the severity level change?
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.