This content has been marked as final.
Show 3 replies
-
1. JBoss 5.1.0.GA still has CVE-2009-3555?
jaikiran May 19, 2011 10:59 PM (in response to asmichael)1 of 1 people found this helpfulYou are using the community edition of JBoss AS 5. All those fixes have been made to the enterprise (paid) version of JBoss EAP 5.x series and also in JBoss AS 6.x community edition series.
-
2. Re: JBoss 5.1.0.GA still has CVE-2009-3555?
asmichael Jun 1, 2011 5:51 PM (in response to jaikiran)That's a great help. Is there a way to manually apply these fixes in the community edition of JBoss AS 5? Where would I start?
-
3. Re: JBoss 5.1.0.GA still has CVE-2009-3555?
jaikiran Jun 2, 2011 6:40 AM (in response to asmichael)I haven't tried it myself, so don't really know. For each of those fixes, you'll have to find what files changed from what (sub) project and then apply those patches and rebuild the AS. Easier said than done, for something like this.
Why not upgrade to latest community release and see if it has been fixed or maybe buy the EAP version (which will have these fixes).