CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
Reuters

Experts urge PC users to disable Java, cite security flaw

(Reuters) - Computer users are being advised by security experts to disable Oracle Corp's widely used Java software after a security flaw was discovered in the past day that they say hackers are ...
Ars Technica

Yet another Java flaw allows “complete” bypass of security sandbox

Eh, the issues are just deeper. XHTML at least is properly formed, which is useful. Otherwise it is the same old story. Presentation and structure inexplicably mixed. Too high level, ...