JBoss Security Updates for Bedework 3.7
Updated: October 25, 2011
As you may be already aware from messages on the Bedworkwork lists and/or the JBoss list, a vlunerability has been identified with respect to the JBoss JMX console. Although this vulnerability is in JBoss, not Bedework itself, Bedework installations may be affected.
The Bedework 3.7 quickstart has been modified to make the JMX console more secure, as will all future Bedework releases.
Simply performing a subversion update to your existing installation will not address the vulnerability. You will need to to "manually" follow the procedure described below:
...