Edit Page
 Index > 2010 > 07 > 21 > Apache Geronimo v2.1.6 - Released User List | Dev List | Wiki | Issue Tracker  
  Overview
Home
Documentation
Downloads
News Archive
Project Management
License
Privacy Policy
ASF
  Search
Powered by Google Search
  Community
Events
Get Involved
Committers
Mailing Lists
Discussion Forums
Blog
IRC
FAQ
Wiki
Found a Bug?
Security Reports
Service and Support
ASF Sponsorship
ASF Thanks!
  Development
Javadoc
XML Schemas
Source Code
Coding Standards
Issue Tracker
Related Projects
Release Roadmaps
  Subprojects
Development Tools
Sample Applications
GBuild
GShell
XBean
Yoko
Java EE Specs
Components
Plugins
RSS News
RSS Site Changes
ATOM User Mailing List
ATOM Developer Mailing List

The Apache Geronimo project is pleased to announce the availability of the Apache Geronimo v2.1.6 server. This release is primarily a bug fix release to address some security vulnerabilities. Please see the detail information in 2.1.6 release notes or 2.1.x Security Report for details.

Fixed vulnerabilities are:

  • CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.
  • CVE-2010-1622: Spring Framework execution of arbitrary code

Visit the Downloads page for details on downloading Apache Geronimo v2.1.6 server assemblies.