I'm very much in favor of setting the default bind address to localhost, instead of
0.0.0.0.
I think it's the best compromise between developer ease of use and addressing security
concerns for a default installation.
Scott M Stark wrote:
For whatever reason our long standing use of unsecured consoles is now
being reported as a security hole. To address this, either we need to
bind to localhost by default or secure the consoles with a user that has
no access. The latter requires a post install change to add a valid role
or remove the security settings. We can't go with a default admin/admin
password.
The localhost approach would allow testsuites to continue to work as
they currently do and is probably the least intrusive change. Any other
opinions or options?