Monday, November 23, 2015

Re: Java Deserialization Vulnerability

They released a new version of commons-collections (v3.2.2) which addresses this issue. So the remote code execution vulnerability is fixed, but as Jens noted, the potential DOS attack can still be executed.
The issue in the Apache bug tracker:

You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
Visit this group at
For more options, visit

No comments:

Post a Comment