commons-dev mailing list archives

From Bernd Eckenfels <e...@zusammenkunft.net>
Subject Re: [COLLECTIONS] Bad press on twitter following serialization issue
Date Mon, 09 Nov 2015 10:34:11 GMT
On Mon, 9 Nov 2015 09:36:41 +0100,
Benedikt Ritter <britter@apache.org> wrote:

> Hello Bernd,
> 
> very nice. I found two typos:
> 
> "It is possible to limit the impact when using a custom
> ObjecrtInputStream which overwrites" - should be ObjectInputStream

fixed

> "However it should be clear, this is not the only known (and
> especially not yet know) gadget" - should be "and especially not yet
> known"

reworded:

However to be clear: this is not the only known and especially not
unknown useable gadget. So replacing your installations with a hardened
version of Apache Commons Collections will not make your application
resist this vulnerability.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org

