[jira] [Resolved] (BROOKLYN-609) Configure security for XStream intances

Juan Cabrerizo (JIRA) Thu, 14 Feb 2019 04:03:17 -0800


     [ 
https://issues.apache.org/jira/browse/BROOKLYN-609?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Juan Cabrerizo resolved BROOKLYN-609.
-------------------------------------
    Resolution: Fixed

Default security has been implemented allowing too any class to be deserialized 
{code:java}
XStream.setupDefaultSecurity(xstream);
xstream.allowTypesByWildcard(new String[] {
"**"
});
{code}
 

> Configure security for XStream intances 
> ----------------------------------------
>
>                 Key: BROOKLYN-609
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-609
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Juan Cabrerizo
>            Priority: Major
>
> After upgrading XStream from 1.4.8 to 1.4.11.1, the console throws this 
> message:
> `Security framework of XStream not initialized, XStream is probably 
> vulnerable`
> To solve that, the XStream  security must be initialized and some set of 
> classes or packages allowed to deserialization must be provided after create 
> new instantiates of XStream 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (BROOKLYN-609) Configure security for XStream intances

Reply via email to