On 25/05/2016 16:12, Christopher Schultz wrote:
> Mark,
>
> On 5/24/16 10:06 AM, Mark Thomas wrote:
>> TL;DR If you use remote JMX, you need to update your JVM to address
>> CVE-2016-3427
>
>> For the longer version, see the blog post I just published on
>> this: http://engineering.pivotal.io/pos
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427
> "Java SE: 6u113, 7u99, 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9"
> I have Java 1.8.0_91. Am I affected?
No.
> What about if
Woonsan,
On 5/25/16 11:29 AM, Woonsan Ko wrote:
> On Wed, May 25, 2016 at 11:12 AM, Christopher Schultz
> wrote:
> Mark,
>
> On 5/24/16 10:06 AM, Mark Thomas wrote:
TL;DR If you use remote JMX, you need to update your JVM to address
CVE-2016-3427
For the longer version, see t
On Wed, May 25, 2016 at 11:12 AM, Christopher Schultz
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Mark,
>
> On 5/24/16 10:06 AM, Mark Thomas wrote:
>> TL;DR If you use remote JMX, you need to update your JVM to address
>> CVE-2016-3427
>>
>> For the longer version, see the blog po
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 5/24/16 10:06 AM, Mark Thomas wrote:
> TL;DR If you use remote JMX, you need to update your JVM to address
> CVE-2016-3427
>
> For the longer version, see the blog post I just published on
> this: http://engineering.pivotal.io/post/java-dese
