Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

please update mybatis to 3.5.6 to fix RCE (remote code execution) bug. #505

Closed
superzjcy opened this issue Oct 27, 2020 · 1 comment
Closed

please update mybatis to 3.5.6 to fix RCE (remote code execution) bug. #505

superzjcy opened this issue Oct 27, 2020 · 1 comment

Comments

@superzjcy
Copy link

mybatis/mybatis-3#2079
@harawata
Copy link
Member

Duplicate of #503 .

As explained in the linked issue, upgrading MyBatis version does not protect your application.
What you should do is to define JEP-290 serialization filter in your application.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@harawata @superzjcy