A security bug was detected earlier today in the deployment module of Apache Geronimo 2.0. The command line deployer tool allowed deployment, both local and remote, without specifying user and password. The source of this problem has been identified and the fix is currently being tested, refer to JIRA-3404 for further details.
Apache Geronimo v2.0 was just in the process of being released however, given the sensitivity of this bug, the release has been brought to a halt. We are currently discussing on the mailing list alternatives to continue with the release process. Here is the link to the thread holding this discussion Geronimo 2.0 Release suspended due to security issue found before release