JBoss Security
...
Update for Bedework 3.7
As you may already be aware from messages on the Bedework lists and/or the JBoss list, a vulnerability has been identified with respect to the JBoss JMX console. Although this vulnerability is in JBoss, not Bedework itself, Bedework installations may be affected.
The Bedework 3.7 quickstart has been modified to make the JMX console more secure, and all future Bedework releases will include the same change.
Simply performing a Subversion update to your existing installation will not address the vulnerability. You will need to "manually" follow the procedure described below:
...
4. Note that it is not good practice to run any web service as a privileged user (e.g. "root"). Therefore, to minimize your overall risk, you should run JBoss under an unprivileged account.