The Apache Geronimo project is pleased to announce the availability of the Apache Geronimo v2.1.6 server. This release is primarily a bug fix release to address some security vulnerabilities. Please see the detail information in 2.1.6 release notes or 2.1.x Security Report for details.
Fixed vulnerabilities are:
- CVE-2010-1632 and CVE-2010-2076: Axis2 and CXF HTTP binding enables DTD based XML attacks.
- CVE-2010-1622: Spring Framework execution of arbitrary code
Visit the Downloads page for details on downloading Apache Geronimo v2.1.6 server assemblies.