Whisper this, but Java deserialisation vulnerability affects more libraries • The Register

http://www.theregister.co.uk/2015/12/07/java_deserialisation_research_library_vulnerable/