ASV scan came back and showed remote code execution vulnerability, They listed this site as the remediation
so i found the jboss-web.xml file and when i look in it, it doesn't appear the security domain is commented out. Am i looking at this wrong?
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.