The Wink team recently discovered a security issue that may allow an attacker to carry out denial of service attacks and to read arbitrary files on the file system of the node where Wink runs. Details of the vulnerability are described in the following advisory:
https://svn.apache.org/repos/asf/incubator/wink/trunk/security/CVE-2010-2245.docx This vulnerability may potentially be exploited on any Wink installation that receives XML messages from untrusted sources. We strongly recommend to all users who manage this type of installation to follow the instructions in the above advisory in order to mitigate the security risk caused by this vulnerability. -- The Wink team
