AEM Podcast: Java Deserialization Bug

Back on January 20, 2016, Adobe released a critical security hotfix to correct a vulnerability/flaw regarding Java deserialization. The day it was released, Joey wrote up a blog post about it (and made me post it up before I could go home), urging everyone to get it installed as quickly as possible. In the post …


Adobe Critical Security Hotfix for AEM 5.5.0-6.1

Adobe today released a Critical Hotfix for AEM to patch a flaw (CVE-2015-7501) classified as CVSS 10.0 (highest criticality in the Common Vulnerability Scoring System). You can find information about the Hotfix by logging into your Adobe PackageShare, or by visiting https://www.adobeaemcloud.com/content/marketplace/marketplaceProxy.html?packagePath=/content/companies/public/adobe/packages/cq/hotfix/cq-ALL-hotfix-NPR-8364. Also, here is a blog post that explains the java deserialization vulnerability in …