@Thomas: Thanks for this information, but I guess the correct property is rpc.enhancedClasses :-) @Jakob: Keep in mind, that commons-collections is not the only library "under attack" ... groovy and spring shares a similar use case https://github.com/frohoff/ysoserial/tree/master/src/main/java/ysoserial/payloads :-( I think reading objects from outside (worst case without autentication) using ObjectInputStream is always a bad idea!
-- You received this message because you are subscribed to the Google Groups "GWT Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-web-toolkit. For more options, visit https://groups.google.com/d/optout.
