[prev in list] [next in list] [prev in thread] [next in thread]
List: tomcat-user
Subject: Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427
From: Daniel Savard <daniel.savard () gmail ! com>
Date: 2016-05-25 23:34:42
Message-ID: CAHDsjKsCPdFLsf3pGXakuT3aVMSnhdhxF2oz9OWdHAjF5BMRtw () mail ! gmail ! com
[Download RAW message or body]
2016-05-25 13:42 GMT-04:00 Mark Thomas <markt@apache.org>:
(...)
> For example, this issue only applies if you are using JMX/RMI. If you
> are, it is likely to be a significant risk. If you aren't, it won't
> affect you. One of the reasons I published that blog post was to provide
> folks with the information they need to figure out whether this affects
> them or not.
>
> Mark
>
In doubt, I usually prefer to upgrade to latest version. I see no reason to
stick to a lower version unless a specific bug is know and has been
introduced into the latest version.
-----------------
Daniel Savard
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic