Page History

Excerpt
2007-09-06 We have discovered a security vulnerability in Geronimo, where the management EJB (MEJB) allows unchallenged access to Geronimo internals. As a temporary workaround you can modify the `config.xml` to disable MEJB.

To disable MEJB make the following modifications to the configuration file at <geronimo_home>/var/config.xml.

No Format

borderStyle	solid
title	Excerpt from config.xml

....
<module name="org.apache.geronimo.configs/openejb/2.0.1/car">
    <gbean name="EJBNetworkService">
    ...
    </gbean>
    <gbean load="false" name="ejb/mgmt/MEJB"/>
</module>
...

We will be releasing a new version soon to control access to MEJB in a more secure way. This issue will be tracked in JIRA GERONIMO-3456.

Blog

Versions Compared

Old Version 2

New Version Current

Key