Re: [collection][security] InvokerTransformer missused in java object

2015-11-07 Thread Gabriel Lawrence
fix/change your code, then it's just a matter of finding another similar gadget somewhere else. Just thought I'd join in the discussion. I've joined the maillist. Thanks, Gabriel Lawrence @gebl

Re: [COLLECTIONS] Bad press on twitter following serialization issue

2015-11-08 Thread Gabriel Lawrence
If you guys want to put together a blog post about this, Chris and I would be happy to help. We've tried to be pretty clear to people that this isn't a problem with the libraries, but something that should be addressed by the deserializer either by not deserializing from a trusted source or by hacki

Re: Blog post "commons" vulnerability

2015-11-09 Thread Gabriel Lawrence
thank Chris Frohoff and Gabriel Lawrence for reviewing this blog post." thanks! gabe On Mon, Nov 9, 2015 at 8:42 AM, Phil Steitz wrote: > I think the post is nicely written and I don't personally object to > anything in it. I have not dug into the details of the subject > tho