diff --git a/exploits/JavaSerializationExploit/src/main/java/exploit.py b/exploits/JavaSerializationExploit/src/main/java/exploit.py
index 7ddf565c8..b3203d3d1 100644
--- a/exploits/JavaSerializationExploit/src/main/java/exploit.py
+++ b/exploits/JavaSerializationExploit/src/main/java/exploit.py
@@ -10,5 +10,5 @@ def console(cmd):
 console("javac DoSerialize.java")
 cookieval = console("java DoSerialize")
 cookie = {'auth': cookieval[1].strip()}
-r = requests.post('http://localhost:8081/admin/login', cookies=cookie, data=" ",allow_redirects=True)
+r = requests.post('http://localhost:8081/admin/login', cookies=cookie, data=" ", allow_redirects=True, timeout=10)
 print r.text
diff --git a/src/main/java/io/shiftleft/controller/SearchController.java b/src/main/java/io/shiftleft/controller/SearchController.java
index faa409760..526b88981 100644
--- a/src/main/java/io/shiftleft/controller/SearchController.java
+++ b/src/main/java/io/shiftleft/controller/SearchController.java
@@ -5,6 +5,7 @@
 import org.springframework.expression.Expression;
 import org.springframework.expression.ExpressionParser;
 import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.SimpleEvaluationContext;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -23,7 +24,8 @@ public String doGetSearch(@RequestParam String foo, HttpServletResponse response
 try {
 ExpressionParser parser = new SpelExpressionParser();
 Expression exp = parser.parseExpression(foo);
- message = (Object) exp.getValue();
+ SimpleEvaluationContext context = SimpleEvaluationContext.forReadOnlyDataBinding().build();
+ message = (Object) exp.getValue(context);
 } catch (Exception ex) {
 System.out.println(ex.getMessage());
 }
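Review bot: The request parameter `foo` is still parsed and evaluated as a SpEL expression at `parser.parseExpression(foo)`. The `SimpleEvaluationContext` on the added lines removes type references, constructors and bean lookups, but literals, operators and regex matching still run on caller-chosen input, so the endpoint stays exposed to resource exhaustion from expensive expressions. If the handler only needs a search term, treating `foo` as plain text and dropping the parser removes the sink entirely; if evaluation has to stay, reject oversized input before parsing, e.g. `if (foo.length() > MAX_EXPR_LEN) { return "error"; }` (constant name and return value are placeholders). `SimpleEvaluationContext` is only available from Spring Framework 4.3.15 / 5.0.5 onward, and no build-file change is visible in this diff, so the project's Spring version should be confirmed. `doGetSearch` starts and ends outside the hunk, so how `message` is used afterwards cannot be judged from here.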