(RHSA-2015:0091) Important: Red Hat JBoss Data Grid 6.4.0 update

Red Hat JBoss Data Grid is a distributed in-memory data grid, based on
Infinispan.

This release of Red Hat JBoss Data Grid 6.4.0 serves as a replacement for
Red Hat JBoss Data Grid 6.3.1. It includes various bug fixes and
enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.0
Release Notes. The Release Notes are available at:
https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/

This update also fixes the following security issue:

It was found that the implementation of the
org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method
provided a DocumentBuilderFactory that would expand entity references.
A remote, unauthenticated attacker could use this flaw to read files
accessible to the user running the application server, and potentially
perform other more advanced XXE attacks. (CVE-2014-3530)

Red Hat would like to thank Alexander Papadakis for reporting
CVE-2014-3530.

All users of Red Hat JBoss Data Grid 6.3.1 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss Data Grid 6.4.0.