Re: [collections] Review of proposed fix for InvokerTransformer exploit

2015-11-09 Thread Thomas Neidhart
On Mon, Nov 9, 2015 at 10:37 AM, Emmanuel Bourg wrote: > Le 08/11/2015 23:21, Thomas Neidhart a écrit : > > > please review the proposed fix for this issue here: > > The exception message ends with a comma, is this a typo? I suggest > mentioning the system property in the

Re: [collections] Review of proposed fix for InvokerTransformer exploit

2015-11-09 Thread Emmanuel Bourg
Le 08/11/2015 23:21, Thomas Neidhart a écrit : > please review the proposed fix for this issue here: The exception message ends with a comma, is this a typo? I suggest mentioning the system property in the message, such that someone hitting the exception immediately knows how to work around it.

[collections] Review of proposed fix for InvokerTransformer exploit

2015-11-08 Thread Thomas Neidhart
Hi all, please review the proposed fix for this issue here: http://svn.apache.org/viewvc?view=revision=1713307 Thanks, Thomas - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail:

Re: [collections] Review of proposed fix for InvokerTransformer exploit

2015-11-08 Thread Peter Ansell
On 9 November 2015 at 09:21, Thomas Neidhart wrote: > Hi all, > > please review the proposed fix for this issue here: > > http://svn.apache.org/viewvc?view=revision=1713307 Those changes look workable to me. The main issue from my reading is that real users of

Re: [collections] Review of proposed fix for InvokerTransformer exploit

2015-11-08 Thread Gary Gregory
On Sun, Nov 8, 2015 at 3:37 PM, Peter Ansell wrote: > On 9 November 2015 at 09:21, Thomas Neidhart > wrote: > > Hi all, > > > > please review the proposed fix for this issue here: > > > > http://svn.apache.org/viewvc?view=revision=1713307 > >