So does the much publicized recent Java security vulnerability affect GlassFish and Java EE? You guessed it - the answer is a resounding no.
For a pretty sober analysis of the actual issue, read what noted technology consultant, evangelist and author Tim Boudreau had to say. As Tim explains extremely well - the security vulnerability is about malicious hackers exploiting invoke dynamic and reflection through rogue Java Applets running on browsers, so it has nothing to do with server-side Java or even Java on the desktop.