新浪网

云安全日报210517:XStream Java序列化库发现远程代码执行漏洞,需要尽快 ...

原标题:云安全日报210517:XStream Java序列化库发现远程代码执行漏洞,需要尽快升级 XStream是一个常用的Java对象和XML相互转换的工具。5月15日 XStream官方发布安全更新,修复了多个XStream 反序列化漏洞。以下是漏洞详情: 攻击者通过构造恶意的XML文档,可绕过XStream ...
新浪网

云安全日报210823:XStream Java序列化库发现执行任意代码漏洞,需要尽快 ...

原标题:云安全日报210823:XStream Java序列化库发现执行任意代码漏洞,需要尽快升级 XStream是一个常用的Java对象和XML相互转换的工具。8月23日 XStream官方发布安全更新,修复了多个XStream Java序列化库中发现的执行任意代码等重要漏洞。以下是漏洞详情: XStream 容易 ...
InfoWorld

Java Tip 128: Create a quick-and-dirty XML parser

XML is a popular data format for several reasons: it is human readable, self-describing, and portable. Unfortunately, many Java-based XML parsers are very large; for example, Sun Microsystems’ ...
InfoWorld

Java XML and JSON: Document processing for Java SE, Part 1: SAXON and Jackson

XML and JSON are important to me, and I’m grateful to Apress for letting me write an entire book about them. In this article I will briefly introduce the second edition of my new book, Java XML and ...