As reported by David Jorm: this issue (https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7285) will affect the org.restlet.ext.xstream extension. It can be resolved by upgrading to XStream 1.4.7 and using the security framework documented here: http://xstream.codehaus.org/security.html to only allow trusted types to be deserialized.
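
A sketch of the allowlist configuration the report refers to, added here as an illustration and not taken from the Restlet code base or the original report. It assumes XStream 1.4.7 or later on the classpath; the `Contact` class and the sample XML strings are hypothetical and constructed for the example.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistExample {

    // Hypothetical application type the endpoint is expected to receive.
    public static class Contact {
        String name;
        int age;
    }

    static XStream newRestrictedXStream() {
        XStream xstream = new XStream();
        // Start from "deny every type", then add back only what is needed.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        // Explicit allowlist of trusted types.
        xstream.allowTypes(new Class[] { String.class, Contact.class });
        xstream.alias("contact", Contact.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = newRestrictedXStream();

        // Constructed sample input: a type on the allowlist is unmarshalled.
        Contact c = (Contact) xstream.fromXML(
            "<contact><name>Alice</name><age>30</age></contact>");
        System.out.println("accepted: " + c.name + ", " + c.age);

        // Constructed sample input: a JDK type that is not on the allowlist.
        // The security framework is expected to raise ForbiddenClassException,
        // a subclass of XStreamException, before any instance is created.
        try {
            xstream.fromXML("<java.util.Date>0</java.util.Date>");
            System.out.println("unexpected: type was accepted");
        } catch (XStreamException e) {
            System.out.println("rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Any code path that builds its own `XStream` instance for untrusted request bodies needs the same permissions applied; upgrading the library alone does not restrict the accepted types.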