|
|
Author: jleroux
Revision: 1853748
Modified property: svn:log
Modified: svn:log at Fri Sep 13 07:38:33 2019
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Fri Sep 13 07:38:33 2019
@@ -5,10 +5,11 @@ r1853745 | jleroux | 2019-02-17 13:38:06
Improved: Improve ObjectInputStream class
(OFBIZ-10837)
+Fixes CVE-2019-0189
+
The white list I used was not complete.
This adds "java.util.HashMap", "Boolean", "Number", "Integer" which are the ones
missing I found so far.
Maybe other classes could still miss OOTB. So I added a warning in
SafeObjectInputStream::resolveClass
------------------------------------------------------------------------
-�
|
Locked
