Author: jleroux Revision: 1853748 Modified property: svn:log Modified: svn:log at Fri Sep 13 07:38:33 2019 ------------------------------------------------------------------------------ --- svn:log (original) +++ svn:log Fri Sep 13 07:38:33 2019 @@ -5,10 +5,11 @@ r1853745 | jleroux | 2019-02-17 13:38:06 Improved: Improve ObjectInputStream class (OFBIZ-10837) +Fixes CVE-2019-0189 + The white list I used was not complete. This adds "java.util.HashMap", "Boolean", "Number", "Integer" which are the ones missing I found so far. Maybe other classes could still miss OOTB. So I added a warning in SafeObjectInputStream::resolveClass ------------------------------------------------------------------------ -
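Review bot: The added "Fixes CVE-2019-0189" line, placed directly above the unchanged paragraph, reads as a complete fix, while that paragraph says the white list "was not complete" and that other classes "could still miss OOTB". Suggest stating in the log whether SafeObjectInputStream::resolveClass rejects a class that is not on the list or only logs the warning, since the text does not say which. The listed additions also mix a fully qualified name ("java.util.HashMap") with bare ones ("Boolean", "Number", "Integer"); writing all of them fully qualified would make the list unambiguous.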