[Owasp-baltimore] Null Byte Injection in filenames fixed in Java 7 too!

Dave Wichers dave.wichers at owasp.org
Sat Sep 14 00:26:27 UTC 2013


For those of you who attended the chapter meeting last week, I mentioned
that Null Byte Injection into filenames in Java was being fixed in Java 1.8.

 

Turns out that it was also just fixed in Java 7 update 40 which just came
out.  Details are here:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8014846

 

So, if you or your customers are using Java 7, I would recommend you upgrade
to update 40 as soon as you can.

 

-Dave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-baltimore/attachments/20130913/ed980456/attachment.html>


More information about the Owasp-baltimore mailing list