Page listing all the security vulnerabilities in JBoss community projects, for the benefit of the community.
Date: 21 Feb 2011
Security Issue : Oracle has released Update 24 for JDK6 for CVE-2010-4476
What you should do?
- Upgrade to JDK6 Update 24 right away.
- If you do not have opportunities to upgrade, run the Update Tool whose details have been posted below on 9 Feb 2011.
Date: 9 Feb 2011
Security Issue: JBoss and CVE-2010-4476
This affects all Java applications running on the Oracle/Sun JVM. Natually, JBoss Application
Server is affected. The resolution is provided by Oracle at
Upgrade to Oracle JVM JDK6 Update 23 . Then use the Floating Point Updater Tool from http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater If you are unable to upgrade the JDK, just run the FP updater tool.
Once Update 24 is released shortly, the fix will be part of JDK and no need for updater tool.
Date: 26 April 2010
Security Issue: JBoss and CVE-2010-0738
JBoss Products & CVE-2010-0738
As a Red Hat/JBoss enterprise customer (paying), you are already notified via the official channels: RHN, CSP etc. Patches/updated products are available to you.