+++ This bug was initially created as a clone of Bug #820629 +++ +++ This bug was initially created as a clone of Bug #820053 +++ Description of problem: JON 3.0.1 is shipping an instance of Xerces that is vulnerable to CVE-2009-2625: jon-server-3.0.1.GA/jbossas/lib/endorsed/xercesImpl.jar This should be upgraded to either xerces >= 2.10 or a version of 2.9.1 with a backported patch, as seems to be in other products. Upgrading to >= 2.10 is preferred.
From Mazz git commit to master: f25fa99 Setting Target Release field correctly
Bulk closing of items that are on_qa and in old RHQ releases, which are out for a long time and where the issue has not been re-opened since.