[JBoss JIRA] (JGRP-2033) Replace Java serialization with JGroups marshalling

Monday, 21 March 2016

     [
https://issues.jboss.org/browse/JGRP-2033?page=com.atlassian.jira.plugin....
]

Bela Ban updated JGRP-2033:
---------------------------
    Description: 
In some cases, even JGroups internal code still uses Java serialization. Replace this with
marshalling (using {{Streamable}}). The vulnerability is described in [1].
[1]
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-j...

  was:In some cases, even JGroups internal code still uses Java serialization. Replace
this with marshalling (using {{Streamable}}) 

...
 Replace Java serialization with JGroups marshalling
 ---------------------------------------------------

                 Key: JGRP-2033
                 URL: https://issues.jboss.org/browse/JGRP-2033
             Project: JGroups
          Issue Type: Task
            Reporter: Bela Ban
            Assignee: Bela Ban
             Fix For: 3.6.9, 4.0

 In some cases, even JGroups internal code still uses Java serialization. Replace this
with marshalling (using {{Streamable}}). The vulnerability is described in [1].
 [1]
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-j...

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006