"aq12ws" wrote : Hi , | Are you talking about securing the JBoss or upgrading ? | I intended to ask, if I should upgrade JBoss to the latest "patchlevel" for security reasons. E.g. It is recommended to upgrade apache 2.0.x to the latest version 2.0.58, because security-holes have been fixed in this version. Is this also best practice for JBoss - so if I use 3.2.3 should I go for 3.2.8 SP1 to have all known bugs fixed... or are there no security-related fixes in JBoss? "aq12ws" wrote : | The out of the box JBoss intallation is not secure . If u expose the jmx-console , your server can be shutdown from the web itself . | If u are talking about security issues like this then i can provide more information on that ,. | The server has been setup with regard to security a while ago (not from me)... and of course is not fully exposed to the net. Anyhow - I would be very interested in more information on securing JBoss to double-check our settings and learn from more experienced users... Thx for the help, Thorsten View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3964541#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...