Bug 1028843

Summary: Documentation bug: the solution of security issue JBPAPP-3079 is wrong
Product: [JBoss] JBoss Enterprise Application Platform 5 Reporter: Kenjiro Nakayama <knakayam>
Component: doc-Release_Notes Assignee: Scott Mumford <smumford>
Status: CLOSED WONTFIX QA Contact: Russell Dickenson <rdickens>
Severity: low Docs Contact:
Priority: unspecified    
Version: 5.0.0 Keywords: Documentation, EasyFix, Triaged
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-13 01:13:24 UTC Type: Bug

Description Kenjiro Nakayama 2013-11-11 03:21:33 UTC
Document URL: 

https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/5/html-single/Release_Notes_5.0.1/index.html

Section Number and Name: 

7.  Issues fixed in this release 
Security Issues
JBPAPP-3079

Describe the issue: 
The doc says the solution for flushing the JBoss authentication cache is to uncomment the filter in Tomcat's web.xml, but the filter must be added.
The following KCS is right.

Why does flushOnSessionInvalidation not flush the JAAS cache when sessions timeout on JBoss?
https://access.redhat.com/site/solutions/169873

Suggestions for improvement: 

<current>
You must uncomment this filter in Tomcat's web.xml to use this feature.

<TOBE>
You must add the filter in server/$PROFILE/deployers/jbossweb.deployer/web.xml to use this feature.