This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch 3.0
in repository https://gitbox.apache.org/repos/asf/dubbo.git
The following commit(s) were added to refs/heads/3.0 by this push:
new a1bfac1001 Update list
a1bfac1001 is described below
commit a1bfac1001f9b6c7f3ea5c3f5bdf2ac79baa83b5
Author: Albumen Kevin <[email protected]>
AuthorDate: Thu Jan 12 19:35:10 2023 +0800
Update list
---
.../main/resources/security/serialize.blockedlist | 74 +++++++++++++++-------
1 file changed, 52 insertions(+), 22 deletions(-)
diff --git a/dubbo-common/src/main/resources/security/serialize.blockedlist
b/dubbo-common/src/main/resources/security/serialize.blockedlist
index de0b68de63..07bc753ccf 100644
--- a/dubbo-common/src/main/resources/security/serialize.blockedlist
+++ b/dubbo-common/src/main/resources/security/serialize.blockedlist
@@ -18,33 +18,38 @@
#
aj.org.objectweb.asm.
br.com.anteros.
+bsh.
ch.qos.logback.
-clojure.core$constantly
-clojure.main$eval_opt
-com.alibaba.citrus.springext.support.parser.abstractnamedproxybeandefinitionparser$proxytargetfactory
-com.alibaba.citrus.springext.util.springextutil.abstractproxy
-com.alibaba.druid.pool.druiddatasource
+clojure.
+com.alibaba.citrus.springext.support.parser.
+com.alibaba.citrus.springext.util.SpringExtUtil.
+com.alibaba.druid.pool.
com.alibaba.druid.stat.jdbcdatasourcestat
com.alibaba.fastjson.annotation
-com.alipay.custrelation.service.model.redress.pair
+com.alibaba.hotcode.internal.org.apache.commons.collections.functors.
+com.alipay.custrelation.service.model.redress.
+com.alipay.oceanbase.obproxy.druid.pool.
com.caucho.
com.ibatis.
+com.ibm.jtc.jax.xml.bind.v2.runtime.unmarshaller.
+com.ibm.xltxe.rnm1.xtq.bcel.util.
com.mchange
com.mysql.cj.jdbc.admin.
com.mysql.cj.jdbc.mysqlconnectionpooldatasource
com.mysql.cj.jdbc.mysqldatasource
com.mysql.cj.jdbc.mysqlxadatasource
com.mysql.cj.log.
+com.mysql.jdbc.util.
com.p6spy.engine.
-com.rometools.rome.feed.impl.equalsbean
-com.rometools.rome.feed.impl.tostringbean
+com.rometools.rome.feed.
com.sun.
com.taobao.eagleeye.wrapper
+com.taobao.vipserver.commons.collections.functors.
com.zaxxer.hikari.
flex.messaging.util.concurrent.
-java.awt.i
-java.awt.p
-java.beans.expression
+groovy.lang.
+java.awt.
+java.beans.
java.io.closeable
java.io.serializable
java.lang.autocloseable
@@ -52,41 +57,46 @@ java.lang.class
java.lang.cloneable
java.lang.iterable
java.lang.object
+java.lang.ProcessBuilder
java.lang.readable
java.lang.runnable
+java.lang.Runtime
java.lang.thread
java.lang.unixprocess
java.net.inetaddress
java.net.socket
java.net.url
java.rmi
-java.security.signedobject
+java.security.
java.util.collection
java.util.eventlistener
java.util.jar.
java.util.logging.
java.util.prefs.
+java.util.ServiceLoader
java.util.serviceloader$lazyiterator
+java.util.StringTokenizer
javassist.
javax.activation.
-javax.imageio.imageio$containsfilter
-javax.imageio.spi.serviceregistry
+javax.imageio.
javax.management.
+javax.media.jai.remote.
javax.naming.
javax.net.
javax.print.
javax.script.
javax.sound.
-javax.swing.j
+javax.swing.
javax.tools.
javax.xml
jdk.internal.
jodd.db.connection.
junit.
-net.bytebuddy.dynamic.loading.bytearrayclassloader
+net.bytebuddy.dynamic.loading.
net.sf.cglib.
net.sf.ehcache.hibernate.
net.sf.ehcache.transaction.manager.
+ognl.
oracle.jdbc.
oracle.jms.aq
oracle.net
@@ -100,10 +110,12 @@ org.apache.aries.transaction.
org.apache.axis2.jaxws.spi.handler.
org.apache.axis2.transport.jms.
org.apache.bcel
+org.apache.carbondata.core.scan.expression.
org.apache.carbondata.core.scan.expression.expressionresult
org.apache.catalina.
org.apache.cocoon.
org.apache.commons.beanutils
+org.apache.commons.codec.
org.apache.commons.collections.comparators.
org.apache.commons.collections.functors
org.apache.commons.collections.functors.
@@ -112,6 +124,7 @@ org.apache.commons.collections4.comparators
org.apache.commons.collections4.functors
org.apache.commons.collections4.transformer
org.apache.commons.configuration
+org.apache.commons.configuration2.
org.apache.commons.dbcp
org.apache.commons.fileupload
org.apache.commons.jelly.
@@ -130,32 +143,43 @@ org.apache.ibatis.ognl.
org.apache.ibatis.parsing.
org.apache.ibatis.reflection.
org.apache.ibatis.scripting.
+org.apache.ignite.cache.
org.apache.ignite.cache.jta.
+org.apache.log.output.db.
org.apache.log4j.
org.apache.logging.
org.apache.myfaces.context.servlet
+org.apache.myfaces.view.facelets.el.
org.apache.openjpa.ee.
-org.apache.shiro.jndi.
-org.apache.shiro.realm.
+org.apache.shiro.
org.apache.tomcat
+org.apache.velocity.
org.apache.wicket.util
org.apache.xalan
org.apache.xbean.
-org.apache.xpath.xpathcontext
+org.apache.xpath.
+org.apache.zookeeper.
+org.aspectj.
org.codehaus.groovy.runtime
org.codehaus.jackson.
+org.datanucleus.store.rdbms.datasource.dbcp.datasources.
+org.dom4j.
org.eclipse.jetty.
-org.geotools.filter.constantexpression
+org.geotools.filter.
org.h2.jdbcx.
org.h2.server.
+org.h2.value.
org.hibernate
org.javasimon.
org.jaxen.
org.jboss
org.jdom.
org.jdom2.transform.
+org.junit.
org.logicalcobwebs.
+org.mockito.
org.mortbay.jetty.
+org.mortbay.log.
org.mozilla.javascript
org.objectweb.asm.
org.osjava.sj.
@@ -163,5 +187,11 @@ org.python.core
org.quartz.
org.slf4j.
org.springframework.
-org.yaml.snakeyaml.tokens.directivetoken
-sun.rmi.server.unicastref
\ No newline at end of file
+org.thymeleaf.
+org.yaml.snakeyaml.tokens.
+pstore.shaded.org.apache.commons.collections.
+sun.print.
+sun.rmi.server.
+sun.rmi.transport.
+weblogic.ejb20.internal.
+weblogic.jms.common.
