--- groovy-1.8.9/src/main/org/codehaus/groovy/runtime/MethodClosure.java~ 2017-07-11 09:28:45.474520966 +0200
+++ groovy-1.8.9/src/main/org/codehaus/groovy/runtime/MethodClosure.java 2017-07-11 09:29:07.769249720 +0200
@@ -19,6 +19,7 @@
 import groovy.lang.MetaMethod;
 import java.util.List;
+import java.io.IOException;
 /**
@@ -30,6 +31,8 @@
 */
 public class MethodClosure extends Closure {
+ public static boolean ALLOW_RESOLVE = false;
+
 private String method;
 public MethodClosure(Object owner, String method) {
@@ -65,4 +68,13 @@
 return getMethod();
 } else return super.getProperty(property);
 }
+
+ // fix for CVE-2016-6814
+ // http://seclists.org/oss-sec/2017/q1/92
+ private void readObject(java.io.ObjectInputStream stream) throws IOException, ClassNotFoundException {
+ if (ALLOW_RESOLVE) {
+ stream.defaultReadObject();
+ }
+ throw new UnsupportedOperationException();
+ }
 }
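Review bot: `ALLOW_RESOLVE` in the second hunk is a public, non-final static with no documentation, so any code loaded by the same class loader can flip it, and the setting applies to the whole process rather than to one stream. At minimum the field should carry a comment saying so, e.g. `/** Opt-in for deserializing MethodClosure; keep false unless every serialized stream is trusted. Process-wide. */`. Declaring it `volatile` would also make a change by one thread visible to threads that are already deserializing; whether that matters depends on how callers set the flag, which the hunk does not show. The class body continues outside the hunk.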
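Review bot: The `throw new UnsupportedOperationException();` at the end of the new `readObject` in the third hunk is unconditional, so a stream is rejected even when `ALLOW_RESOLVE` is true; the flag only decides whether the fields are read before the exception is raised. This fails closed, so the block for CVE-2016-6814 holds, but a deployment that sets the flag for trusted streams will still see every `MethodClosure` fail to deserialize. If the opt-in is meant to work, add `return;` after `stream.defaultReadObject();` (or move the throw into an `else`). A test that deserializes a `MethodClosure` with the flag off and with it on would pin both paths.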