Blog from September, 2007

Two big events are coming up in November, both opportunities to learn more about the security and tooling available in Geronimo.

  • ApacheCon US 2007, Atlanta
  • OS Summit Asia 2007, Hong Kong

Check the Events page for details.


November 12-16, 2007 - ApacheCon US 2007, Atlanta

Tuesday, Nov 13 14:30 Securing Java EE Applications in Apache Geronimo by Vamsavardhana Reddy.
Tuesday, Nov 13 10:00 Java EE 5.0 App Development on Geronimo simplified using Eclipse by Shiva Kumar.

Check ApacheCon Atlanta 2007 for calendar updates.


November 26-30, 2007 - OS Summit Asia 2007, Hong Kong

Monday, Nov 26 14:30 Securing Java EE Applications in Apache Geronimo by Vamsavardhana Reddy.
Monday, Nov 26 10:00 Java EE 5 App Development on Geronimo simplified using Eclipse & WTP by Shiva Kumar.

Check OS Summit Asia 2007 for calendar updates.


MEJB Security Alert

2007-09-06
We have discovered a security vulnerability in Geronimo, where the management EJB (MEJB) allows unchallenged access to Geronimo internals.
As a temporary workaround you can modify the config.xml to disable MEJB.

To disable MEJB, make the following modification to the configuration file at <geronimo_home>/var/config.xml.

Excerpt from config.xml
....
<module name="org.apache.geronimo.configs/openejb/2.0.1/car">
    <gbean name="EJBNetworkService">
    ...
    </gbean>
    <gbean load="false" name="ejb/mgmt/MEJB"/>
</module>
...

We will be releasing a new version soon to control access to MEJB in a more secure way. This issue will be tracked in JIRA GERONIMO-3456.
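To confirm the workaround above is actually in place, the following check parses a config.xml and reports whether the MEJB gbean is marked load="false" inside the openejb module. It is an added example, not code from the Geronimo project; the function names and sample input are constructed for illustration, and it generalizes the excerpt by matching any openejb module version rather than only 2.0.1.

```python
import sys
import xml.etree.ElementTree as ET

# Names taken from the excerpt; the version segment is left open on purpose.
OPENEJB_PREFIX = "org.apache.geronimo.configs/openejb/"
MEJB_GBEAN = "ejb/mgmt/MEJB"

def local(tag):
    """Drop any XML namespace so the check does not depend on the root declaration."""
    return tag.rsplit("}", 1)[-1]

def mejb_status(config_xml):
    """Return 'disabled', 'enabled' or 'module-not-found' for config.xml content."""
    root = ET.fromstring(config_xml)
    modules = [m for m in root.iter() if local(m.tag) == "module"
               and m.get("name", "").startswith(OPENEJB_PREFIX)]
    if not modules:
        return "module-not-found"
    for module in modules:
        entries = [g for g in module
                   if local(g.tag) == "gbean" and g.get("name") == MEJB_GBEAN]
        # Assumption: with no entry, or an entry not marked load="false",
        # the MEJB gbean is loaded and the workaround is not in place.
        if not entries or any(g.get("load", "").strip().lower() != "false" for g in entries):
            return "enabled"
    return "disabled"

# Constructed sample input, not a real server's config.xml.
SAMPLE_PATCHED = """<attributes>
  <module name="org.apache.geronimo.configs/openejb/2.0.1/car">
    <gbean name="EJBNetworkService"/>
    <gbean load="false" name="ejb/mgmt/MEJB"/>
  </module>
</attributes>"""
SAMPLE_UNPATCHED = SAMPLE_PATCHED.replace(
    '<gbean load="false" name="ejb/mgmt/MEJB"/>', "")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:  # bytes: the parser honours the XML encoding
            data = fh.read()
    else:
        data = SAMPLE_PATCHED
    status = mejb_status(data)
    print("MEJB:", status)
    sys.exit(0 if status == "disabled" else 1)
```

Run it with the path to <geronimo_home>/var/config.xml as the only argument; a non-zero exit status means the workaround was not found.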