Type: Bug
Resolution: Done
Priority: Blocker
Fix Version: 7.1.2.Final (EAP)
The JGroups diagnostics service should be disabled by default.
This can be accomplished by removing the "diagnostics-socket-binding" attribute from the <transport> tags in the JGroups subsystem.
This is a security issue because the diagnostics port enables many security-sensitive operations, with no authentication, including:
- full thread dump of the JVM
- add/remove JGroups protocols
- call any method on any JGroups protocol, passing in arbitrary arguments
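The configuration change the issue describes, shown as an added example that is not part of the issue text: the JGroups subsystem fragment of a JBoss AS 7.1 / EAP 6 standalone-ha.xml with the weak setting, followed by the corrected form. The namespace version, the stack name "udp" and the socket-binding names "jgroups-udp" and "jgroups-diagnostics" are assumptions based on the shipped default profiles, not values taken from this issue.

```xml
<!-- Added example (not from the issue). Namespace version, stack name and
     socket-binding names are assumed from the default shipped profile. -->

<!-- Weak: the transport references a diagnostics socket binding, so the
     unauthenticated JGroups diagnostics service is started with the node. -->
<subsystem xmlns="urn:jboss:domain:jgroups:1.1" default-stack="udp">
    <stack name="udp">
        <transport type="UDP" socket-binding="jgroups-udp"
                   diagnostics-socket-binding="jgroups-diagnostics"/>
        <protocol type="PING"/>
        <!-- remaining protocols of the stack unchanged -->
    </stack>
</subsystem>

<!-- Corrected: the attribute is removed entirely. The transport keeps its
     cluster socket binding and no diagnostics socket is opened. -->
<subsystem xmlns="urn:jboss:domain:jgroups:1.1" default-stack="udp">
    <stack name="udp">
        <transport type="UDP" socket-binding="jgroups-udp"/>
        <protocol type="PING"/>
        <!-- remaining protocols of the stack unchanged -->
    </stack>
</subsystem>
```

On a running server the same result is reached through the management CLI by undefining the attribute on the transport resource (resource path assumed from the 7.1 management model): `/subsystem=jgroups/stack=udp/transport=TRANSPORT:undefine-attribute(name=diagnostics-socket-binding)`, followed by a reload. To confirm the change took effect, check that the port configured in the diagnostics socket binding is no longer bound on the node after restart, and repeat the edit for every stack (for example a "tcp" stack) that carries the attribute.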