12.11.2015 14:11

Die Apache Software Foundation zu dem Java Commons Collection/Java (De)Serialization Problem

Die Apache Software Foundation hat dazu einen ausführlichen Blog-Post verfasst.

Die Money Quote daraus: "Even when the classes implementing a certain functionality cannot be blamed for this vulnerability, and fixing the known cases will also not make the usage of serialization in an untrusted context safe, there is still demand to fix at least the known cases, even when this will only start a Whack-a-Mole game."

Autor: Robert Waldner