Veracode Vulnerability Database: VERACODE:14170
History: May 02, 2019 - 4:45 a.m.

Arbitrary Code Injection

2019-05-02 04:45:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com

CVSS2: 2.1 Low

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments. The OpenShift Enterprise 1.2 Release Notes provide information about changes in this release, and instructions on how to upgrade from previous OpenShift Enterprise releases. Visit https://access.redhat.com/knowledge/docs/ to access all OpenShift Enterprise documentation.

This update also fixes the following bugs:

* Using JBoss and MySQL, and possibly other combinations, creating a gear resulted in a zombie process under MCollective on the node host. Therefore, it was possible for a node to suffer a denial of service (DoS) by running out of processes. The current release of OpenShift Enterprise fixes this issue and eliminates the zombie processes. (BZ#902279)

* A hard-coded message in MySQL cartridges informed users that they can use a phpMyAdmin cartridge. However, the phpMyAdmin cartridge is not available in OpenShift Enterprise. This issue has been fixed in the current release of OpenShift Enterprise, and users no longer receive the incorrect message. (BZ#928029)

* With both JBoss EAP and JBoss EWS 1 channels enabled on the node host, JBoss EWS 1 applications installed an incompatible Tomcat package. Therefore, the applications failed to execute, resulting in errors such as “java.lang.IllegalStateException: No Java compiler available.” This was due to the dependencies being incorrectly managed. The OpenShift Enterprise Deployment Guide and example installation scripts have been adjusted in the current release of OpenShift Enterprise, ensuring the correct version of Tomcat is installed. (BZ#959993)

Users are advised to upgrade to Red Hat OpenShift Enterprise 1.2.
