Author: smartini
Date: Mon Jan 30 17:27:10 2023
New Revision: 1907117

URL: http://svn.apache.org/viewvc?rev=1907117&view=rev
Log:
update security info in classes potentially exposed to the Java deserialization 
of arbitrary objects vulnerability

Modified:
    
pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/serialization/BinarySerializer.html
    
pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/web/server/QueryServlet.html

Modified: 
pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/serialization/BinarySerializer.html
URL: 
http://svn.apache.org/viewvc/pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/serialization/BinarySerializer.html?rev=1907117&r1=1907116&r2=1907117&view=diff
==============================================================================
--- 
pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/serialization/BinarySerializer.html
 (original)
+++ 
pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/serialization/BinarySerializer.html
 Mon Jan 30 17:27:10 2023
@@ -144,6 +144,7 @@ implements <a href="Serializer.html" tit
 <div class="block">Implementation of the <a href="Serializer.html" 
title="interface in org.apache.pivot.serialization"><code>Serializer</code></a> 
interface that uses Java's internal
  serialization mechanism to read and write values. All values in the object
  hierarchy are required to implement <code>Serializable</code>.</div>
+<div class="block">Note that for better security, you should only use 
BinarySerializer in QueryServlet if you're sure the incoming requests will only 
come from trusted sources.</div>
 </li>
 </ul>
 </div>
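
Review bot: The added note in the BinarySerializer class description limits the warning to "BinarySerializer in QueryServlet", but the unchanged text just above it says this class "uses Java's internal serialization mechanism to read and write values", so the concern applies to any caller that reads data from an untrusted source with it, not only to QueryServlet. Consider wording the note here around reading untrusted input in general and mentioning QueryServlet as one case, with the class names in <code> and linked the way Serializer is linked in the preceding block. The note also does not say what the risk is; the log message names it (Java deserialization of arbitrary objects) and one clause saying so would tell readers why the restriction matters. Since this file sits under deploy/2.0.5/docs/api, the same sentence should also go into the Javadoc comment in the source, otherwise the next regeneration of the API docs will drop it.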

Modified: 
pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/web/server/QueryServlet.html
URL: 
http://svn.apache.org/viewvc/pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/web/server/QueryServlet.html?rev=1907117&r1=1907116&r2=1907117&view=diff
==============================================================================
--- 
pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/web/server/QueryServlet.html
 (original)
+++ 
pivot/site/trunk/deploy/2.0.5/docs/api/org/apache/pivot/web/server/QueryServlet.html
 Mon Jan 30 17:27:10 2023
@@ -151,6 +151,7 @@ $('.navPadding').css('padding-top', $('.
 <pre>public abstract class <span class="typeNameLabel">QueryServlet</span>
 extends javax.servlet.http.HttpServlet</pre>
 <div class="block">Abstract base class for query servlets.</div>
+<div class="block">Note that for better security, you should only use 
BinarySerializer in QueryServlet if you're sure the incoming requests will only 
come from trusted sources.</div>
 <dl>
 <dt><span class="seeLabel">See Also:</span></dt>
 <dd><a 
href="../../../../../serialized-form.html#org.apache.pivot.web.server.QueryServlet">Serialized
 Form</a></dd>
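
Review bot: The note added after "Abstract base class for query servlets." is the same sentence as in BinarySerializer.html and, read on this page, gives no reason for the restriction and no pointer to the class it names. Suggest stating that BinarySerializer relies on Java serialization, so request bodies from untrusted clients would be deserialized as arbitrary objects, and making BinarySerializer a <code> link to its API page. "Trusted sources" is also left undefined; a short qualifier on what counts as trusted for incoming requests would make the guidance actionable for someone subclassing QueryServlet.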

