[OFBIZ-12167] Adds a blacklist (to be renamed soon to denylist) in Java serialisation (CVE-2021-26295) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Trunk
Fix Version/s: 17.12.06
Component/s: framework/base
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

Adds an example based on RMI which is known to be a problem

This fixes CVE-2021-26295 and is available in last 17.12.06 package

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 05/Feb/21 09:58

Updated:: 29/Mar/21 11:30

Resolved:: 05/Feb/21 10:39