Ars Technica

Yet another Java flaw allows “complete” bypass of security sandbox

I don't have a problem when people want to uninstall the Java plugin from their browser. Just like Flash, it's a product of a bygone era. Native HTML5 apps are the way to go now for anything ...
CSOonline

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java Spring ecosystem. Maintainers of Thymeleaf, a widely used template engine for ...
Ars Technica

Yet another Java flaw allows “complete” bypass of security sandbox

Eh, the issues are just deeper. XHTML at least is properly formed, which is useful. Otherwise it is the same old story. Presentation and structure inexplicably mixed. Too high level, ...