  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-12167

Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295)


    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Trunk
    • Fix Version/s: 17.12.06
    • Component/s: framework/base
    • Labels:
      None
    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      Adds an example based on RMI, which is known to be a problem.

      This fixes CVE-2021-26295 and is available in the last 17.12.06 package.


              People

              • Assignee:
                jleroux Jacques Le Roux
                Reporter:
                jleroux Jacques Le Roux
              • Votes:
                0
                Watchers:
                4

                Dates

                • Created:
                  Updated:
                  Resolved: