Can we apply the enterprise patches CVE-2010-1428 and RHSA-2008:0827 to the community version of the jboss server to address the security vulnerabilities they resolve?
We are using the community version of jboss 4.2.3 and have a couple of applications which have been customised in such a way that we can’t readily upgrade. Hence one seems need to choose between –
- Risking apply the security upgrade to the community version we have
- Upgrading and seeing what breaks in the applications
- Living with security issues or putting in place other measures to counter the vulnerabilities
Many thanks
Shaun