Out of curiosity, how many of you all use Spring? How many of you all will this affect in a significant way?
http://www.javaworld.com/javaworld/jw-01-2013/130117-spring-framework-remote-code-execution-hack.html
Quote
There's a major flaw in the Java-based Spring Framework open-source development code that allows remote-code execution by attackers against applications built with it, according to the security firm Aspect Security, which identified the flaw.
"It allows attackers to inject code," says Jeff Williams, CEO at Aspect Security. The weakness is in what's called the "expression language" function in the Spring Framework development code.