https://bugzilla.redhat.com/show_bug.cgi?id=1548909
--- Doc Text *updated* by Eric Christensen sparks@redhat.com --- An XML deserialization vulnerability was discovered in slf4j's EventData which accepts anXML serialized string and can lead to arbitrary code execution.
java-sig-commits@lists.fedoraproject.org