commons-dev mailing list archives

From Bernd Eckenfels <>
Subject Re: [COLLECTIONS] Bad press on twitter following serialization issue
Date Mon, 09 Nov 2015 10:34:11 GMT
On Mon, 9 Nov 2015 09:36:41 +0100,
Benedikt Ritter <> wrote:

> Hello Bernd,
> very nice. I found two typos:
> "It is possible to limit the impact when using a custom
> ObjecrtInputStream which overwrites" - should be ObjectInputStream


> "However it should be clear, this is not the only known (and
> especially not yet know) gadget" - should be "and especially not yet
> known"


However to be clear: this is not the only known and especially not
unknown useable gadget. So replacing your installations with a hardened
version of Apache Commons Collections will not make your application
resist this vulnerability.
