Please note that everyone using a prior Geronimo 2.0.x through 2.1.3
release is urged to upgrade to the 2.1.4 level ASAP.
The security vulnerabilities (XSS, XSRF and multiple directory traversal
vulnerabilities) were mentioned on the ZDNet website last week and in
their Zero Day newsletter -
http://blogs.zdnet.com/security/?p=3268
-Donald

Joe Bohn wrote:
The Apache Geronimo project is pleased to announce the availability of
Apache Geronimo v2.1.4 server. This is primarily a maintenance release.
Among the updates and fixes included in the release are several security
fixes for vulnerabilities in the administration console. Details of the
security vulnerabilities fixed in this release can be found in the
Security Report:
http://geronimo.apache.org/21x-security-report.html
Other fixes and enhancements are listed in the Release Notes:
http://cwiki.apache.org/confluence/display/GMOxDOC21/RELEASE-NOTES-2.1.4.TXT
Visit the Downloads page for details on downloading Apache Geronimo
v2.1.4 server assemblies:
http://geronimo.apache.org/downloads.html
A big THANK YOU to all that contributed to this release! Great work
everyone!
Joe