[jboss-cvs] JBossAS SVN: r96634 - projects/docs/enterprise/4.2.8/readme/en-US.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Nov 20 03:07:46 EST 2009 

Author: laubai
Date: 2009-11-20 03:07:46 -0500 (Fri, 20 Nov 2009)
New Revision: 96634

Modified:
   projects/docs/enterprise/4.2.8/readme/en-US/Release_Notes_CP08.xml
Log:
Adding changes for CP07 build.

Modified: projects/docs/enterprise/4.2.8/readme/en-US/Release_Notes_CP08.xml
===================================================================
--- projects/docs/enterprise/4.2.8/readme/en-US/Release_Notes_CP08.xml	2009-11-20 08:05:56 UTC (rev 96633)
+++ projects/docs/enterprise/4.2.8/readme/en-US/Release_Notes_CP08.xml	2009-11-20 08:07:46 UTC (rev 96634)
@@ -362,18 +362,20 @@
 		</para>
         <formalpara>
           <title>Security</title>
-            <itemizedlist>
-              <listitem>
+            <para>
+              <itemizedlist>
+                <listitem>
+                  <para>
+                    <ulink url="https://jira.jboss.org/jira/browse/JBPAPP-2872">JBPAPP-2872</ulink>: Twiddle logged all command line arguments, including the JMX password, to <filename>twiddle.log</filename>, which had public read permissions, and was created in the current working directory. The password is now masked in the log, removing the risk to security.
+                  </para>
+                </listitem>
+                <listitem>
                 <para>
-                  <ulink url="https://jira.jboss.org/jira/browse/JBPAPP-2872">JBPAPP-2872</ulink>: Twiddle logged all command line arguments, including the JMX password, to <filename>twiddle.log</filename>, which had public read permissions, and was created in the current working directory. The password is now masked in the log, removing the risk to security.
+                  <ulink url="https://jira.jboss.org/jira/browse/JBPAPP-2312">JBPAPP-2312</ulink>: A new <classname>PrincipalSessionAttributeFilter</classname> has been created to include the principal session as an attribute of the HTTP Session. This attribute is checked upon session expiry and the authenticated cache will be flushed if found. In order to use this filter, uncomment the filter in Tomcat's <filename>web.xml</filename>.
                 </para>
               </listitem>
-              <listitem>
-              <para>
-                <ulink url="https://jira.jboss.org/jira/browse/JBPAPP-2312">JBPAPP-2312</ulink>: A new <classname>PrincipalSessionAttributeFilter</classname> has been created to include the principal session as an attribute of the HTTP Session. This attribute is checked upon session expiry and the authenticated cache will be flushed if found. In order to use this filter, uncomment the filter in Tomcat's <filename>web.xml</filename>.
-              </para>
-            </listitem>
-            </itemizedlist>
+              </itemizedlist>
+            </para>
         </formalpara>
         <formalpara>
 			<title>JBoss Application Server</title>

More information about the jboss-cvs-commits mailing list