You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by jl...@apache.org on 2019/09/13 07:32:49 UTC
svn propchange: r1856406 - svn:log
Author: jleroux
Revision: 1856406
Modified property: svn:log
Modified: svn:log at Fri Sep 13 07:32:49 2019
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Fri Sep 13 07:32:49 2019
@@ -5,6 +5,8 @@ r1856405 | jleroux | 2019-03-27 15:16:24
Improved: Improve ObjectInputStream class
(OFBIZ-10837)
+Fixes CVE-2019-0189
+
The white list was still not complete as reported by Wolfgang Rauchholz on user
ML
This adds java.math.BigDecimal and "[B" (ie [B == byte[] and I don't understand