On Mon, 9 Nov 2015 09:36:41 +0100, Benedikt Ritter <brit...@apache.org> wrote:
> Hello Bernd,
>
> very nice. I found two typos:
>
> "It is possible to limit the impact when using a custom
> ObjecrtInputStream which overwrites" - should be ObjectInputStream

fixed

> "However it should be clear, this is not the only known (and
> especially not yet know) gadget" - should be "and especially not yet
> known"

reworded: However to be clear: this is not the only known and especially not unknown useable gadget. So replacing your installations with a hardened version of Apache Commons Collections will not make your application resist this vulnerability.