Edit Page
 Index > 2007 > 08 > 13 > Apache Geronimo v2.0 - Release delayed due to security issue User List | Dev List | Wiki | Issue Tracker  
  Overview
Home
Documentation
Downloads
News Archive
Project Management
License
Privacy Policy
ASF
  Search
Powered by Google Search
  Community
Events
Get Involved
Committers
Mailing Lists
Discussion Forums
Blog
IRC
FAQ
Wiki
Found a Bug?
Security Reports
Service and Support
ASF Sponsorship
ASF Thanks!
  Development
Javadoc
XML Schemas
Source Code
Coding Standards
Issue Tracker
Related Projects
Release Roadmaps
  Subprojects
Development Tools
Sample Applications
GBuild
GShell
XBean
Yoko
Java EE Specs
Components
Plugins
RSS News
RSS Site Changes
ATOM User Mailing List
ATOM Developer Mailing List

2007-08-13
A security bug was detected earlier today in the deployment module of Apache Geronimo 2.0. The command line deployer tool allowed deployment, both local and remote, without specifying user and password. The source of this problem has been identified and the fix is currently being tested, refer to JIRA-3404 for further details.

Apache Geronimo v2.0 was just in the process of being released however, given the sensitivity of this bug, the release has been brought to a halt. We are currently discussing on the mailing list alternatives to continue with the release process. Here is the link to the thread holding this discussion Geronimo 2.0 Release suspended due to security issue found before release