THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
While working on the serialize vulnerability, I stumbled upon this article "Closing the open door of java object serialization" and found notsoserial was a better Java agent than OWASP's I introduced at r1717058. Because it easily protects you from all possible serialize vulnerabilities as explained here! So I replaced contrast-rO0.jar by notsoserial-1.0-SNAPSHOT (see
Jira | ||||||
---|---|---|---|---|---|---|
|
Jira | ||||||
---|---|---|---|---|---|---|
|