2016-05-25 13:42 GMT-04:00 Mark Thomas :
(...)
> For example, this issue only applies if you are using JMX/RMI. If you
> are, it is likely to be a significant risk. If you aren't, it won't
> affect you. One of the reasons I published that blog post was to provide
> folks with
On 25/05/2016 16:12, Christopher Schultz wrote:
> Mark,
>
> On 5/24/16 10:06 AM, Mark Thomas wrote:
>> TL;DR If you use remote JMX, you need to update your JVM to address
>> CVE-2016-3427
>
>> For the longer version, see the blog post I just published on
>> this:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
On 5/25/16 11:41 AM, David kerber wrote:
> On 5/25/2016 11:12 AM, Christopher Schultz wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
>> Mark,
>>
>> On 5/24/16 10:06 AM, Mark Thomas wrote:
>>> TL;DR If you use remote JMX, you need
On 5/25/2016 11:12 AM, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 5/24/16 10:06 AM, Mark Thomas wrote:
TL;DR If you use remote JMX, you need to update your JVM to address
CVE-2016-3427
For the longer version, see the blog post I just published on
this:
On Wed, May 25, 2016 at 11:12 AM, Christopher Schultz
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Mark,
>
> On 5/24/16 10:06 AM, Mark Thomas wrote:
>> TL;DR If you use remote JMX, you need to update your JVM to address
>> CVE-2016-3427
>>
>> For the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 5/24/16 10:06 AM, Mark Thomas wrote:
> TL;DR If you use remote JMX, you need to update your JVM to address
> CVE-2016-3427
>
> For the longer version, see the blog post I just published on
> this:
TL;DR
If you use remote JMX, you need to update your JVM to address CVE-2016-3427
For the longer version, see the blog post I just published on this:
http://engineering.pivotal.io/post/java-deserialization-jmx/
Mark
-
To