AEM Podcast: Java Deserialization Bug

AEM-Podcast_Java-Deserialization-Bug
Back on January 20, 2016, Adobe released a critical security hotfix to correct a vulnerability/flaw regarding Java deserialization. The day it was released, Joey wrote up a blog post about it (and made me post it up before I could go home), urging everyone to get it installed as quickly as possible. In the post we linked to some documentation explaining the issue, but we felt that it would be a good idea to discuss it via the podcast as well because this is such an important fix. In this podcast we get a little more in depth about:

  • what the issue is
  • why it is such a big deal
  • problems that might occur if you put it in your Adobe Experience Manager environment
  • how to ensure it was installed correctly
  • what you should do if you run into problems

This fix has been rolled into the Service Pack 1 release, but at this point in time Adobe is not yet shipping AEM with SP1 pre-installed. My guess is that Adobe Experience Manager 6.2 will have it baked in.