>> Both sample payloads have "gadget chains" which do start (readObject()) >> in JCL classes and then use pretty generic interfaces like Annotations >> or Comparators, so there is really no link between the types and the >> specific weakness.
> I did not see JCL (commons logging?) used in the gadget chains. JCL = Jaca Class Library (in this case ,) -- http://bernd.eckenfels.net --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
