|Index > Community > Security Reports > 2.0.x Security Report||User List | Dev List | Wiki | Issue Tracker|
Apache Geronimo 2.0.x vulnerabilities
This page lists all security vulnerabilities fixed in maintenance releases or interim builds of Apache Geronimo 2.0. Each vulnerability is given a security impact rating by either the Apache Geronimo team or by the dependent project supplying the fix - please note that this rating is not uniform and will vary from project to project. We also list the versions of Apache Geronimo the flaw is known to affect, and where a flaw has not been verified list the version with a question mark.
Please send comments or corrections for these vulnerabilities to the Geronimo Security mailing list.
Other Known Vulnerabilities
None at this time.
Fixed in Geronimo 2.0.3-SNAPSHOT build 20081119 or later
Please visit the 2.0.3 Release Status page for details on the expected content and target release date.
Included patch to close potential denial of service attack vector (OOM) in Tomcat session handling
Fixed in Geronimo 2.0.3-SNAPSHOT build 20080827 or later
Included ActiveMQ patch for the following security exposure -
Upgraded from DWR 1.1.3 to 1.1.4 include the following security fixes -
Upgraded from Jetty 6.1.5 to 6.1.7 to include the following security fixes -
Upgraded from Tomcat 6.0.13 to 6.0.18 to include the following security fixes.
For more details on each fix, please visit the Tomcat 6.x Security page.
Fixed in Geronimo 2.0.2
Fixed in Geronimo 2.0.1