12. November 2015
Die Apache Software Foundation hat dazu einen ausführlichen Blog-Post
Die Money Quote daraus: "Even when the classes implementing a certain functionality cannot be blamed for this vulnerability, and fixing the known cases will also not make the usage of serialization in an untrusted context safe, there is still demand to fix at least the known cases, even when this will only start a Whack-a-Mole game."
Autor: Robert Waldner