News

CSOonline1mon
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
The vulnerability, tracked as CVE-2025-30065, is a deserialization issue (CWE-502) in Parquet’s Java library that allows execution of maliciously crafted Parquet files. “This vulnerability can ...
InfoWorld1mon
Java plan prepares to restrict final field mutation
There is no plan to deprecate or remove any part of the Java Platform API or prevent mutation of final fields by serialization libraries during deserialization. The JEP currently does not list a ...