[Owasp-baltimore] Null Byte Injection in filenames fixed in Java 7 too!

Dave Wichers dave.wichers at owasp.org
Sat Sep 14 00:26:27 UTC 2013

For those of you who attended the chapter meeting last week, I mentioned
that Null Byte Injection into filenames in Java was being fixed in Java 1.8.


Turns out that it was also just fixed in Java 7 update 40 which just came
out.  Details are here:


So, if you or your customers are using Java 7, I would recommend you upgrade
to update 40 as soon as you can.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-baltimore/attachments/20130913/ed980456/attachment.html>

More information about the Owasp-baltimore mailing list