|
Author: jleroux
Revision: 1856408
Modified property: svn:log
Modified: svn:log at Fri Sep 13 07:40:31 2019
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Fri Sep 13 07:40:31 2019
@@ -5,6 +5,8 @@ r1856405 | jleroux | 2019-03-27 15:16:24
Improved: Improve ObjectInputStream class
(OFBIZ-10837)
+Fixes CVE-2019-0189
+
The white list was still not complete as reported by Wolfgang Rauchholz on user
ML
This adds java.math.BigDecimal and "[B" (ie [B == byte[] and I don't understand
@@ -15,4 +17,3 @@ Anyway I'll not change it.
Thanks: Ingo Wolfmayr at OFBIZ-10870
------------------------------------------------------------------------
-
|