Bug 1415511
Summary: | Security Hardening - Prevent Deserialization Attacks from using Groovy MethodClosure private readObject method | ||
---|---|---|---|
Product: | [JBoss] JBoss Operations Network | Reporter: | Jason Shepherd <jshepherd> |
Component: | Core Server, Security | Assignee: | Simeon Pinder <spinder> |
Status: | CLOSED ERRATA | QA Contact: | Filip Brychta <fbrychta> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | JON 3.3.7 | CC: | fbrychta, jshepherd, loleary, spinder, twalsh |
Target Milestone: | ER02 | Keywords: | Triaged |
Target Release: | JON 3.3.8 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-02-16 18:46:01 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jason Shepherd
2017-01-22 23:14:16 UTC
Moving to ON_QA as available to test with the following brew build: https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=535315 NOTE: jon-server-patch-3.3.0.GA.zip maps to jon-server-3.3.0.GA-update-08.zip whic is JON 3.3.8 ER02 build. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2017-0285.html |