On Wed, 12 May 2021 13:58:44 GMT, Roger Riggs <rri...@openjdk.org> wrote:
> JEP 415: Context-specific Deserialization Filters extends the deserialization > filtering mechanisms with more flexible and customizable protections against > malicious deserialization. See JEP 415: https://openjdk.java.net/jeps/415. > The `java.io.ObjectInputFilter` and `java.io.ObjectInputStream` classes are > extended with additional > configuration mechanisms and filter utilities. > > javadoc for `ObjectInputFilter`, `ObjectInputFilter.Config`, and > `ObjectInputStream`: > > http://cr.openjdk.java.net/~rriggs/filter-factory/java.base/java/io/ObjectInputFilter.html This pull request has now been integrated. Changeset: 13d61804 Author: Roger Riggs <rri...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/13d618042112aa761ef256aa35ec0a8b808cd78b Stats: 2594 lines in 9 files changed: 2409 ins; 40 del; 145 mod 8264859: Implement Context-Specific Deserialization Filters Reviewed-by: bchristi, dfuchs, chegar ------------- PR: https://git.openjdk.java.net/jdk/pull/3996
