Hello,
quite disturbing… and I dont think it affects only the free version.
Did Ignite Realtime already communicate on this ? If not the trust is gone…
http://seclists.org/fulldisclosure/2008/Nov/0155.html
"
2008/05/17 - Vendor notified using sales_at_jivesoftware.com
2008/05/18 - Vendor notified using gaston_at_jivesoftware.com
2008/05/20 - Vendor response
2008/05/20 - Detailed vulnerability information sent to the vendor
2008/05/21 - Vendor confirms the vulnerability
2008/08/18 - Asked vendor for up to date information regarding the
reported issues
2008/10/18 - Again asked vendor for up to date information regarding the
reported issues
2008/10/31 - Informed vendor of planned advisory realease on 2008/11/05
(no response)
2008/11/07 - Full technical details and recommended measures released to
general public
"