Monday, November 23, 2015

Re: Java Deserialization Vulnerability

@Thomas: Thanks for this information, but I guess the correct property is rpc.enhancedClasses :-)
@Jakob: Keep in mind that commons-collections is not the only library "under attack" ... Groovy and Spring share a similar use case :-( I think reading objects from outside (worst case without authentication) using ObjectInputStream is always a bad idea!
