Barry,
The deserialization vulnerability for RMI endpoints in your webapp can be
mitigated using our library at https://github.com/Servoy/rmi-whitelist
Add it to the Tomcat system library, and classes like those in
commons-collections can no longer be used in serialisation attacks over
RMI.
Rob
I submitted bug 58490.
Thanks,
Rob
On Fri, Oct 9, 2015 at 10:38 AM, Mark Thomas wrote:
> On 09/10/2015 09:33, Rob Gansevles wrote:
> > Hi,
> >
> > I am trying to use web-fragments on tomcat8, but get an error and the
> > webapp does not start when I turn unpacking o
Hi,
I am trying to use web-fragments on tomcat8, but get an error and the
webapp does not start when I turn unpacking of wars off.
Is this a supported combination?
I can reproduce the error with a plain new tomcat8 install and a standard
example.
I am using a simple sample war to make sure the