ZDNet

Deserialization issues also affect Ruby, not just Java, PHP, and .NET

The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for ...
Bleeping Computer

Oracle Plans to Drop Java Serialization Support, the Source of Most Security Bugs

Serializing and deserializing data is not a problem by itself, or when the source of the data is known to be safe. These operations become dangerous when an app works with user-supplied data. For the ...
CSOonline

Java deserialization vulnerabilities explained and how to defend against them

Java provides a means to conveniently serialize data to maintain its integrity as it's sent over a network. Attackers can exploit vulnerabilities in the deserialization process if there aren't ...
adtmag.com

Removing Serialization from Java Is a 'Long-Term Goal' at Oracle

Oracle's chief architect says his company intends to remove serialization from Java -- eventually. Answering a question during a live-streamed session at the recent Devoxx UK 2018 conference called ...
Bleeping Computer

Severe Deserialization Issues Also Affect .NET, Not Just Java

The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016. The flaw is in how .NET coding libraries handle deserialization operations, leading to ...