I was wondering if you have any suggestions on how to deal with the vulnerability by changing configuration on the web server.


CVE-2011-5034 “Hash values for form parameters computed without restricting hash collisions causing a denial of service” http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5034


Or is there a fix planned in the coming releases of Apache Geronimo jars ?