iamqq23ue commented on issue #4360: URL: https://github.com/apache/rocketmq/issues/4360#issuecomment-1138554298
> > @odbozhou thanks for the reply. Setting -Dfastjson.parser.safeMode=true should circumvent security holes. > > What I want to know is, will it cause compatibility issues with rocketmq? > > Yes, that's the key point. We are not sure wheather rocketmq use autoType fearure. The most reliable way is upgrade the dependency jar file. > > https://github.com/alibaba/fastjson/wiki/security_update_20220523#32-safemode%E5%8A%A0%E5%9B%BA upgrade the dependency jar file also may have compatibility issues.And in the future, fastjson may still have security breach that need to be upgraded. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
