
List:       tomcat-user
Subject:    Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427
From:       Daniel Savard <daniel.savard () gmail ! com>
Date:       2016-05-25 23:34:42
Message-ID: CAHDsjKsCPdFLsf3pGXakuT3aVMSnhdhxF2oz9OWdHAjF5BMRtw () mail ! gmail ! com


2016-05-25 13:42 GMT-04:00 Mark Thomas <markt@apache.org>:
(...)

> For example, this issue only applies if you are using JMX/RMI. If you
> are, it is likely to be a significant risk. If you aren't, it won't
> affect you. One of the reasons I published that blog post was to provide
> folks with the information they need to figure out whether this affects
> them or not.
>
> Mark
>

When in doubt, I usually prefer to upgrade to the latest version. I see no reason to
stick to a lower version unless a specific bug is known and has been
introduced into the latest version.

-----------------
Daniel Savard

