TL;DR
If you use remote JMX, you need to update your JVM to address CVE-2016-3427

For the longer version, see the blog post I just published on this:
http://engineering.pivotal.io/post/java-deserialization-jmx/

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to