Workaround for Java bug in parsing specific decimal value [SPR-7950] #12605

Closed
spring-issuemaster opened this Issue Feb 9, 2011 · 1 comment

spring-issuemaster commented Feb 9, 2011

Oliver Drotbohm opened SPR-7950 and commented

Current Java versions suffer from a nasty bug that will pretty much stall the entire VM when trying to parse the value into a BigDecimal or Double. So in case somebody pipes this into a Spring MVC form for example, the CustomNumberEditor will suffer from this vulnerability.

Although Oracle seems to approach the issue now that it's publicly discussed, users not able to upgrade to a very current version of Java will be affected.

http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/


No further details from SPR-7950

spring-issuemaster commented Jan 16, 2013

Oliver Drotbohm commented

The issue doesn't seem to be present in current JRE 1.6.0_37 and JRE 1.7.0_11 anymore. So the suggested workaround is to upgrade to a JRE that has the fix for the original issue. According to the website that described the issue, the first JRE version including the fix is 1.6.0_24. Not sure if a JRE 7 has ever been affected by that bug.
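
The upgrade workaround above can be checked at application startup or across collected inventory data. The following is an added example, not code from this thread or from Spring: it classifies a `java.version` string against the 1.6.0_24 fix level named in the comment. The class name, enum and sample version strings are assumptions made for illustration, and release lines other than 1.6 are reported as not covered because the thread gives no fix level for them.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: compares a java.version string with the 1.6.0_24 fix level from the thread. */
public class JreFixLevelCheck {

    enum Status { FIXED, AFFECTED, NOT_COVERED }

    // The thread names 1.6.0_24 as the first JRE version that includes the fix.
    private static final int FIRST_FIXED_6_UPDATE = 24;

    // Legacy version scheme: 1.<major>.<minor>[_<update>][-<qualifier>], e.g. 1.6.0_23-b05
    private static final Pattern LEGACY =
            Pattern.compile("^1\\.(\\d+)\\.(\\d+)(?:_(\\d+))?(?:-.*)?$");

    static Status classify(String javaVersion) {
        Matcher m = LEGACY.matcher(javaVersion.trim());
        if (!m.matches() || !"6".equals(m.group(1))) {
            // No fix level is given in the thread for other release lines.
            return Status.NOT_COVERED;
        }
        // "1.6.0" without an _NN suffix is the initial release, treated as update 0.
        int update = m.group(3) == null ? 0 : Integer.parseInt(m.group(3));
        return update >= FIRST_FIXED_6_UPDATE ? Status.FIXED : Status.AFFECTED;
    }

    public static void main(String[] args) {
        // Constructed sample version strings, followed by the running JVM's own value.
        String[] samples = {
            "1.6.0_23", "1.6.0_24-b07", "1.6.0", "1.6.0_37", "1.7.0_11",
            System.getProperty("java.version")
        };
        for (String v : samples) {
            System.out.println(v + " -> " + classify(v));
        }
    }
}
```

An `AFFECTED` result means number parsing of untrusted input (for example through `CustomNumberEditor`) should not be exposed until the JRE is upgraded.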
