geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Hogstrom <m...@hogstrom.org>
Subject Re: Merge GERONIMO-2313 into 1.1.1??
Date Wed, 16 Aug 2006 16:31:01 GMT
After agonizing over this on IRC let's put in 2313.  Close the door and start testing.

David Jencks wrote:
> GERONIMO-2313 is a fairly serious security problem: basically ejb 
> security is totally broken when the ejb is called from a web app.
> 
> I think this could be merged easily from the 1.1 branch into 1.1.1, 
> however it requires openejb changes as well.
> 
> Alan suggested that since 1.1.1 is already delayed for security problems 
> we might want to  include this fix as well.
> 
> I think this is a good idea but wait for Matt the release manager's 
> approval.
> 
> thanks
> david jencks
> 
> 
> 
> 

Mime
View raw message