In November, two big events. Two opportunities to learn more about security and tooling available in Geronimo. Check the Events page for details.
November 12-16, 2007 - ApacheCon US 2007, Atlanta
Tuesday, Nov 13 14:30 Securing Java EE Applications in Apache Geronimo by Vamsavardhana Reddy.
Tuesday, Nov 13 10:00 Java EE 5.0 App Development on Geronimo simplified using Eclipse by Shiva Kumar.
Check ApacheCon Atlanta 2007 for calendar updates.
November 26-30, 2007 - OS Summit Asia 2007, Hong Kong
Monday Nov 26 14:30 Securing Java EE Applications in Apache Geronimo by Vamsavardhana Reddy.
Monday Nov 26 10:00 Java EE 5 App Development on Geronimo simplified using Eclipse & WTP by Shiva Kumar.
Check OS Summit Asia 2007 for calendar updates.
2007-09-06
We have discovered a security vulnerability in Geronimo, where the management EJB (MEJB) allows unchallenged access to Geronimo internals.
As a temporary workaround, you can modify config.xml to disable MEJB.
To disable MEJB, make the following modifications to the configuration file at <geronimo_home>/var/config.xml:

    ...
    <module name="org.apache.geronimo.configs/openejb/2.0.1/car">
        <gbean name="EJBNetworkService">
            ...
        </gbean>
        <gbean load="false" name="ejb/mgmt/MEJB"/>
    </module>
    ...
We will be releasing a new version soon to control access to MEJB in a more secure way. This issue will be tracked in JIRA GERONIMO-3456.
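To confirm that the workaround above is in place on a server, the following check parses config.xml and reports whether the MEJB gbean is disabled in the openejb module. It is an added example, not code from the Geronimo project; the function names and the sample documents (including the <attributes> root element) are constructed for illustration, and it assumes a gbean with no load="false" override is loaded by default.

```python
import sys
import xml.etree.ElementTree as ET

OPENEJB_PREFIX = "org.apache.geronimo.configs/openejb/"  # module named in the advisory
MEJB_GBEAN = "ejb/mgmt/MEJB"

# Constructed samples, not taken from a real installation.
SAMPLE_PATCHED = """<attributes>
  <module name="org.apache.geronimo.configs/openejb/2.0.1/car">
    <gbean name="EJBNetworkService"/>
    <gbean load="false" name="ejb/mgmt/MEJB"/>
  </module>
</attributes>"""
SAMPLE_UNPATCHED = SAMPLE_PATCHED.replace(
    '    <gbean load="false" name="ejb/mgmt/MEJB"/>\n', "")

def local(tag):
    """Drop an XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def mejb_status(config_xml_text):
    """Return [(module_name, "disabled" | "enabled")] for each openejb module.

    Assumption: a gbean without a load="false" override is loaded by default,
    so a missing MEJB entry is reported as "enabled".
    """
    results = []
    for module in ET.fromstring(config_xml_text).iter():
        name = module.get("name", "")
        if local(module.tag) != "module" or not name.startswith(OPENEJB_PREFIX):
            continue
        status = "enabled"
        for gbean in module:
            if (local(gbean.tag) == "gbean" and gbean.get("name") == MEJB_GBEAN
                    and gbean.get("load", "true").strip().lower() == "false"):
                status = "disabled"
        results.append((name, status))
    return results

if __name__ == "__main__":
    # Pass the path to <geronimo_home>/var/config.xml, or run with no argument
    # to check the constructed sample.
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PATCHED
    for name, status in mejb_status(text):
        print(f"{name}: MEJB {status}")
```

An empty result means no openejb module entry was found in the file, which should be treated as "workaround not applied" rather than as safe.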