Serialization and serial form
The following is an interesting slide: https://speakerdeck.com/pwntester/surviving-the-java-deserialization-apocalypse?slide=31 Oracle has stated they will not fix these security issues with Collection classes for de-serialization. River-49 also identifies serial form issues with Collections. https://issues.apache.org/jira/projects/RIVER/issues/RIVER-49?filter=allopenissues Cheers, Peter.
Re: [VOTE]: make trunk an unstable development branch.
On Fri, Oct 9, 2020 at 7:03 PM Peter Firmstone wrote: > > Currently the trunk branch is a stable branch, it is not for development > code, let's make it so we can develop in trunk. The vote concludes in > two weeks. +1 (non-binding) from me Phil