svn propchange: r1735570 - svn:log

jleroux Fri, 08 Apr 2016 13:35:48 -0700

Author: jleroux
Revision: 1735570
Modified property: svn:log

Modified: svn:log at Fri Apr  8 20:35:07 2016
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Fri Apr  8 20:35:07 2016
@@ -5,5 +5,6 @@ r1735569 | jleroux | 2016-03-18 11:38:04
 Fixes "Comment out RMI related code because of the Java deserialization issue" 
- https://issues.apache.org/jira/browse/OFBIZ-6942
 
 I decided to comment out as less as possible because once the RMI loaders, the 
RMI dispatcher and the related test services are off there is no RMI related 
danger left (test services are not a danger but would fail during tests run). 
It's then easier for users who need RMI in their projects to have only to 
uncomment those and not digg everywhere. Because the naming (JNDI) server 
relies on the rmi loader it will also be commented out.
+
+[CVE-2016-2170] The infamous Java serialization vulnerability
 ------------------------------------------------------------------------
-

svn propchange: r1735570 - svn:log

Reply via email to