---

Oracle Patches Three Year-Old Java Deserialization Flaw in April Update

Among the most noteworthy aspects of the April CPU is the CVE-2016-1000031 Java flaw which is being patched across 19 different Oracle products. CVE-2016-1000031 is a three year-old Java deserialization vulnerability found in the Apache Commons FileUpload library that is used across multiple Oracle applications.