Security

Oracle plans to end Java serialization, but that’s not the end of the story

Recently, on the "Ask The Architect" session from the Devoxx UK 2018 conference, Oracle's chief architect, Mark Reinhold, shared his thoughts about Java’s serialization mechanism which he called a ...
InfoWorld

Oracle plans to dump risky Java serialization

Oracle plans to drop from Java its serialization feature that has been a thorn in the side when it comes to security. Also known as Java object serialization, the feature is used for encoding objects ...
Bleeping Computer

Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs

Serializing and deserializing data is not a problem by itself, or when the source of the data is known to be safe. These operations become dangerous when an app works with user-supplied data. For the ...
eWeek

Oracle Patches 3-Year-Old Java Deserialization Flaw in April Update

In this episode of eSpeaks, Jennifer Margles, Director of Product Management at BMC Software, discusses the transition from traditional job scheduling to the era of the autonomous enterprise. eSpeaks’ ...
adtmag.com

Waratek's Giannakidis: Removing Serialization from Java Is Not the End of the Story

Last month, Oracle's chief architect, Mark Reinhold, said during a conference Q&A that one of Oracle's long-term goals is to change the way Java handles object serialization. In fact, he called the ...
Threat Post

Java Serialization Bug Crops Up At PayPal

PayPal has rewarded two researchers with bug bounties for the discovery of a Java serialization vulnerability in manager.paypal.com A Java serialization vulnerability disclosed more than a year ago ...