[jboss-jira] [JBoss JIRA] (JGRP-2033) Replace Java serialization with JGroups marshalling
Bela Ban (JIRA)
issues at jboss.org
Mon Mar 21 09:05:00 EDT 2016
[ https://issues.jboss.org/browse/JGRP-2033?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bela Ban updated JGRP-2033:
---------------------------
Description:
In some cases, even JGroups internal code still uses Java serialization. Replace this with marshalling (using {{Streamable}}). The vulnerability is described in [1].
[1] http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
was:In some cases, even JGroups internal code still uses Java serialization. Replace this with marshalling (using {{Streamable}})
> Replace Java serialization with JGroups marshalling
> ---------------------------------------------------
>
> Key: JGRP-2033
> URL: https://issues.jboss.org/browse/JGRP-2033
> Project: JGroups
> Issue Type: Task
> Reporter: Bela Ban
> Assignee: Bela Ban
> Fix For: 3.6.9, 4.0
>
>
> In some cases, even JGroups internal code still uses Java serialization. Replace this with marshalling (using {{Streamable}}). The vulnerability is described in [1].
> [1] http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list