More than eight years after it first came to light, an unauthenticated Java deserialization vulnerability lurking in the Google Web Toolkit open source application framework remains unpatched, and ...