Dec 11, 2010
The Apache Geronimo project is pleased to announce the availability of the Apache Geronimo v2.2.1 server. This release includes many new features, improvements, and bug fixes. For details, see the 2.2.1 release notes or the 2.2.x Security Report.
A couple of highlights include:
- Stateless Session Bean Failover support
- Web console navigation improvements
- JMX over SSL improvements
- Added built-in user "monitor" who only has read-only access to monitoring pages.
- Encrypt password strings in deployment plans
- Start Derby NetworkServerControl with credentials to prevent unauthorized shutdowns
- Add DB2 for iSeries TranQL XA connector to server
- Upgrade Tomcat to 6.0.29, OpenEJB to 3.1.4, Derby to 10.5.3.0_1, ActiveMQ to 5.4.1, OpenJPA to 1.2.2, txmanager to 2.2.1, WADI to 2.1.2, CXF to 2.1.10, MyFaces to 1.2.8, Axis2 to 1.5.2, javamail to 1.8.2, etc.
Fixed vulnerabilities are:
- CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP bindings enable DTD-based XML attacks
- CVE-2010-1622: Spring Framework execution of arbitrary code
- CVE-2010-2227: Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability