On Tue, Nov 10, 2015 at 3:09 PM, Bertrand Delacretaz <[email protected]> wrote:
> ...I have created a prototype at SLING-5288 to guard against recently
> reported Java deserialization risks...

In the meantime I also tested https://github.com/kantega/notsoserial which is very interesting as that's a Java agent that can protect existing unmodified code. Requires bootdelegating org.kantega.* to use in an OSGi environment.

-Bertrand
