You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Romain Manni-Bucau (JIRA)" <de...@myfaces.apache.org> on 2015/11/27 13:03:10 UTC

[jira] [Created] (MYFACES-4021) blacklist org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan in MyFacesObjectInputStream

Romain Manni-Bucau created MYFACES-4021:
-------------------------------------------

             Summary: blacklist org.codehaus.groovy.runtime.,org.apache.commons.collections.functors.,org.apache.xalan in  MyFacesObjectInputStream
                 Key: MYFACES-4021
                 URL: https://issues.apache.org/jira/browse/MYFACES-4021
             Project: MyFaces Core
          Issue Type: Bug
            Reporter: Romain Manni-Bucau
            Priority: Blocker


https://github.com/apache/incubator-batchee/commit/cfd133c309c21a82fb24cfcc9a7c2365aee4678a#diff-acd0bc06477ce776b0ad8fdda76f8b7eR56 mecanism can be used

(due to recent vulnerability discovered in [collections], spring, groovy we can't suppose we don't run with these libraries so we need this fix as well)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)