A security hole has been found that allows JSP source to be viewed
remotely.
This problem is present in the Jetty versions packaged as JBossWeb in
JBoss versions 3.0.1 and 3.0.2.
JBoss/Tomcat users need take NO action.
Two upgrade paths are available :
EITHER:
Upgrade to JBoss 3.2
http://sourceforge.net/project/showfiles.php?group_id=22866
OR:
download Jetty-4.1.0RC5 or above from :
http://sourceforge.net/project/showfiles.php?group_id=7322
and replace the org.mortbay.jetty.jar and the org.mortbay.jmx.jars in
your JBoss distrib's jbossweb.sar directories with the ones included
in the lib/ directory of this package.
Jules