Author: smumford
Date: 2010-04-26 22:49:47 -0400 (Mon, 26 Apr 2010)
New Revision: 13930
Modified:
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP04/Release_Notes/en-US/Release_Notes.xml
Log:
JBEPP-321 Including link to kbase article for JMX security issue and due credits
Modified:
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP04/Release_Notes/en-US/Release_Notes.xml
===================================================================
---
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP04/Release_Notes/en-US/Release_Notes.xml 2010-04-23
06:56:46 UTC (rev 13929)
+++
docs/enterprise/tags/Enterprise_Portal_Platform_4_3_GA_CP04/Release_Notes/en-US/Release_Notes.xml 2010-04-27
02:49:47 UTC (rev 13930)
@@ -116,8 +116,7 @@
<para>
If an immediate upgrade is not possible or the server deployment has been
customized then
the fix can be applied by removing the following lines from the
deployment descriptor
- (<filename>WEB-INF/web.xml</filename>) of the JMX Console
WAR. Contact Red Hat JBoss
- Support for advice before making these changes.
+ (<filename>WEB-INF/web.xml</filename>) of the JMX Console
WAR. Details of how to apply the fix can be found at <ulink type="http"
url="http://kbase.redhat.com/faq/docs/DOC-30741">http://kbas...;.
Customers are advised to contact Red Hat JBoss Support for advice before making these
changes.
</para>
<para>
The lines of configuration to remove are:
@@ -168,6 +167,9 @@
</para>
</listitem>
</itemizedlist>
+ <para>
+ Red Hat would like to thank Stefano di Paola and Giorgio Fedon of Minded Security for
responsibly reporting the CVE-2010-0738 issue.
+ </para>
</section>
<section
id="sect-Release_Notes-Product_Support_and_License_Website_Links">