Hi, I have created a prototype at SLING-5288 to guard against recently reported Java deserialization risks.
Feedback is welcome, and if someone feels like enhancing that with an ObjectInputStream wrapper that would be useful. -Bertrand
- SafeObjectInputStream prototype Bertrand Delacretaz
- Re: SafeObjectInputStream prototype Antonio Sanso
- Re: SafeObjectInputStream prototype Bertrand Delacretaz
- Re: SafeObjectInputStream prototype Bertrand Delacretaz
- Re: SafeObjectInputStream prototype Bertrand Delacretaz
- RE: SafeObjectInputStream prototype Jason Bailey
- Re: SafeObjectInputStream prototype Bertrand Delacretaz
