
    This page lists all the security vulnerabilities in JBoss community projects, for the benefit of the community.

    ===========================================

    Date:  20 Oct 2011

    Statement Regarding Security Threat to JBoss Application Server

     

    Read more about it here.

    ======================================================

    Date: 19 Sep 2011

     

    You can obtain release v2.0.1.final or later from

    http://www.jboss.org/picketlink/downloads

     

    One security issue has been fixed in 2.0.1.final:

    https://issues.jboss.org/browse/PLFED-229

     

    ======================================================

    Date: 14 Apr 2011

     

    Summary: Secure your community JBoss AS by following http://community.jboss.org/docs/DOC-12188

     

    Read:  http://community.jboss.org/wiki/JBossBotsMalwareSecurityetc

    ======================================================

    Date: 21 Feb 2011

    Security Issue: Oracle has released Update 24 for JDK6 for CVE-2010-4476

     

    Read: http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html

    What should you do?

    • Upgrade to JDK6 Update 24 right away.
    • If you are unable to upgrade, run the Update Tool described below in the entry dated 9 Feb 2011.

     

    ==============================================================

    Date: 9 Feb 2011

     

    Security Issue: JBoss and CVE-2010-4476

     

    This affects all Java applications running on the Oracle/Sun JVM. Naturally, JBoss Application Server is affected. The resolution is provided by Oracle at


    http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html

     

    Upgrade to Oracle JVM JDK6 Update 23. Then use the Floating Point Updater Tool from

    http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater

    If you are unable to upgrade the JDK, just run the FP updater tool.

     

    Once Update 24 is released, which is expected shortly, the fix will be part of the JDK and the updater tool will no longer be needed.

    ===============================================================

    Date: 26 April 2010

    Security Issue: JBoss and CVE-2010-0738

    This is a community courtesy notification for a severe security issue affecting some of the JBoss projects and products. Please refer to the following Red Hat KBase article for more information:

     

    JBoss Products & CVE-2010-0738

     

    If you are a paying Red Hat/JBoss enterprise customer, you have already been notified via the official channels (RHN, CSP, etc.). Patches and updated products are available to you.

     

    If you are a user of the community project JBoss Application Server, you may be affected. Please refer to the KBase article for possible solutions.
    ===============================================================