Resolved Bugs
1168977 – CVE-2014-8120 thermostat: local JMX URL disclosure<br
Update to latest maintenance release. It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-8120)