Hi Moritz,

If I'm not mistaken this vulnerability is actually linked to a dangerous deserialization in commons-collections if the input isn't properly sanitized. I intend to upload a modification of commons-collections to address this issue in Jenkins and the other applications potentially affected.

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.

