...
This page lists all security vulnerabilities fixed in released version maintenance releases or interim builds of Apache Geronimo 2.2. x. Each vulnerability is given a security impact rating by either the Apache Geronimo team or by the dependent project supplying the fix - please note that this rating is not uniform and will vary from project to project. We also list the versions of Apache Geronimo the flaw is known to affect, and where a flaw has not been verified list the version with a question mark.
Please send comments or corrections for these vulnerabilities to the Geronimo Security mailing list.
TBD
...
Since Apache Geronimo 2.2
...
has not been released, this page does not apply.
Please visit the Apache Geronimo 2.2 Release Status page for planned release content and dates.
Upgraded from Tomcat 6.0.16 to 6.0.18 to include the following security fixes -
- low: Cross-site scripting CVE-2008-1232
- low: Cross-site scripting CVE-2008-1947
- important: Information disclosure CVE-2008-2370
- moderate: Directory traversal CVE-2008-2938
For more details on each fix, please visit the Tomcat 6.x Security page.
JIRA: GERONIMO-4245
Affects: 2.2-SNAPSHOT