The security concerns on CVE-2018-2815, please staying alert. For more details, please see below:
- The Java Security Architecture (JSA) defines ways for unprivileged code to perform privileged operations using
2. The method includes create a new PrivilegedIntrospectHelper.
3. The new PrivilegedIntrospectHelper will be executed on a privileged block. This block will all internalIntrospecthelper(bean,prop,value,request,param,ignoreMethodNF) which will allow to invoke encapsulation (setter).
With encapsulation we pretend that nothing is revealed about the internal representation of an object, and we interact with our components only through their public interfaces; a desirable attribute that we usually exploit later when we want to change the internal representation of data in a component without breaking any code from its users.
Official security update show as below url: