Hi,

 

I was wondering if you have any suggestions on how to deal with the vulnerability by changing configuration on the web server.

 

CVE-2011-5034 “Hash values for form parameters computed without restricting hash collisions causing a denial of service” http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5034

 

Or is there a fix planned in the coming releases of Apache Geronimo jars ?

 

Avaneesh