|
|
Author: jleroux
Revision: 1856458
Modified property: svn:log
Modified: svn:log at Fri Sep 13 07:40:41 2019
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Fri Sep 13 07:40:41 2019
@@ -5,9 +5,10 @@ r1856455 | jleroux | 2019-03-28 08:50:32
Improved: Improve ObjectInputStream class
(OFBIZ-10837)
+Fixes CVE-2019-0189
+
The white list was still not complete as reported by Ed Mack
This adds all arrays of primitives and java.math.BigDecimal
Thanks: Ed Mack at OFBIZ-10876
------------------------------------------------------------------------
-�
|
Locked
