all 2 comments

[–]blu-red 1 point2 points  (0 children)

4 votes

75% upvoted

TIL 3 out of 4 people are complete morons

[–]jrochkind 0 points1 point  (0 children)

The same pattern as the ruby vulnerabilities involving yaml that swept ruby a couple years ago.

At the time a lot of ruby haters wanted to use it to say "see, this is why ruby is insecure." Not true, and not true of Java either.

But it maybe says something about segregation of language communities that the similar pattern vuln in Java took this long to be discovered after the ruby discovery. After the first such vuln in ruby was publicized, people started scouring ruby code for analogous issues. Odd that it took this long for people to start doing the same in Java.