[jboss-user] [Installation, Configuration & Deployment] - Re: Update JBoss to maintain security?

MarauderMUC do-not-reply at jboss.com
Fri Aug 11 03:11:57 EDT 2006


"aq12ws" wrote : Hi ,
  |         Are you talking about securing the JBoss or upgrading ?
  | 

I intended to ask, if I should upgrade JBoss to the latest "patchlevel" for security reasons.
E.g. It is recommended to upgrade apache 2.0.x to the latest version 2.0.58, because security-holes have been fixed in this version.

Is this also best practice for JBoss - so if I use 3.2.3 should I go for 3.2.8 SP1 to have all known bugs fixed... or are there no security-related fixes in JBoss?

"aq12ws" wrote : 
  | The out of the box JBoss intallation is not secure . If u expose the jmx-console , your server can be shutdown from the web itself . 
  | If u are talking about security issues like this then i can provide more information on  that ,.
  | 

The server has been setup with regard to security a while ago (not from me)... and of course is not fully exposed to the net.
Anyhow - I would be very interested in more information on securing JBoss to double-check our settings and learn from more experienced users...

Thx for the help,
  Thorsten

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3964541#3964541

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3964541



More information about the jboss-user mailing list