You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geronimo.apache.org by Donald Woods <dw...@apache.org> on 2009/05/04 16:15:15 UTC

Re: [ANNOUNCE] Availability of Geronimo 2.1.4

Please note that everyone using a prior Geronimo 2.0.x through 2.1.3 
release is urged to upgrade to the 2.1.4 level ASAP.

The security vulnerabilities (XSS, XSRF and multiple directory traversal 
vulnerabilities) were mentioned on the ZDNet website last week and in 
their Zero Day newsletter -

	http://blogs.zdnet.com/security/?p=3268



-Donald



Joe Bohn wrote:
> 
> The Apache Geronimo project is pleased to announce the available of 
> Apache Geronimo v2.1.4 server. This is primarily a maintenance release.
> 
> Among the updates and fixes included in the release are several security 
> fixes for vulnerabilities in the administration console. Details of the 
> security vulnerabilities fixed in this release can be found in the 
> Security Report:
> http://geronimo.apache.org/21x-security-report.html
> Other fixes and enhancements are listed in the Release Notes:
> http://cwiki.apache.org/confluence/display/GMOxDOC21/RELEASE-NOTES-2.1.4.TXT 
> 
> 
> Visit the Downloads page for details on downloading Apache Geronimo 
> v2.1.4 server assemblies:
> http://geronimo.apache.org/downloads.html
> 
> A big THANK YOU to all that contributed to this release!  Great work 
> everyone!
> 
> Joe
>