Monday, November 23, 2015

Re: Java Deserialization Vulnerability

They released a new version of commons-collections (v3.2.2) which addresses this issue. So the remote code execution vulnerability is fixed, but as Jens noted, the potential DoS attack can still be executed.
https://commons.apache.org/proper/commons-collections/release_3_2_2.html
The issue in the Apache bug tracker: https://issues.apache.org/jira/browse/COLLECTIONS-580
