  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-12592

Prevent possible DOS attack done using Java deserialisation


Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 18.12.06, 22.01.01
    • Fix Version/s: 18.12.06, 22.01.01
    • Component/s: ALL COMPONENTS
    • Labels: None
    • Sprint: Bug Crush Event - 21/2/2015

    Description

      Qing Xu, a security reporter, alerted us that, despite no current vulnerability, it could maybe be possible to do DOS attacks using Java deserialisation. That has been fixed with https://openjdk.java.net/jeps/290 and even implemented in Java 8, but it needs a little effort on our side.

            People

              Assignee: Jacques Le Roux (jleroux)
              Reporter: Jacques Le Roux (jleroux)

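The following is an added example, not part of the issue text and not OFBiz's own fix: a JEP 290 stream filter that bounds graph depth, references, stream bytes and array length before anything is deserialised. The limits, the allow-list and the class name `SerialFilterDemo` are assumptions; the code uses `java.io.ObjectInputFilter` (Java 9+), and on Java 8u121 or later the same pattern string can be supplied through the `jdk.serialFilter` system property.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class SerialFilterDemo {
    // Constructed limits and allow-list (assumptions): size them to the largest
    // legitimate payload. Patterns are tried left to right; "!*" rejects the rest.
    static final ObjectInputFilter LIMITS = ObjectInputFilter.Config.createFilter(
            "maxdepth=20;maxrefs=1000;maxbytes=65536;maxarray=10000;"
            + "java.util.ArrayList;java.lang.*;!*");

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(LIMITS); // must be installed before the first readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Round-trips a payload through the filtered reader and reports the outcome.
    static String attempt(Object payload) throws IOException {
        try {
            readFiltered(serialize(payload));
            return "ALLOWED";
        } catch (InvalidClassException | ClassNotFoundException e) {
            return "REJECTED"; // ObjectInputStream throws InvalidClassException on a REJECTED status
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: a small list, an oversized array, a deeply nested list.
        List<Object> nested = new ArrayList<>();
        for (int i = 0; i < 50; i++) {
            List<Object> outer = new ArrayList<>();
            outer.add(nested);
            nested = outer;
        }
        System.out.println("small list:   " + attempt(new ArrayList<>(List.of("a", "b"))));
        System.out.println("long[20000]:  " + attempt(new long[20000]));
        System.out.println("50-deep list: " + attempt(nested));
    }
}
```

The array is refused when its header is read, before its elements are allocated, which is what makes the limits useful against resource-exhaustion payloads.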