Thanks a lot Bertrand!! This looks promising. I have seen you used a white list approach (that is the best way by far). I was wondering if we can have a combination of white/black list approach though.

regards
antonio

On Nov 10, 2015, at 3:09 PM, Bertrand Delacretaz <[email protected]> wrote:

> Hi,
>
> I have created a prototype at SLING-5288 to guard against recently
> reported Java deserialization risks.
>
> Feedback is welcome, and if someone feels like enhancing that with an
> ObjectInputStream wrapper that would be useful.
>
> -Bertrand
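
As an added illustration of the combined white/black list idea raised in this thread (not code from either poster or from the SLING-5288 prototype), an `ObjectInputStream` subclass can check each class descriptor in `resolveClass` before the class is loaded. The class names `FilterDemo`, `FilteringObjectInputStream`, `Safe` and `Risky`, and the list contents, are assumptions made up for this example.

```java
import java.io.*;
import java.util.List;

public class FilterDemo {
    // Constructed sample classes standing in for application types.
    static class Safe implements Serializable { int n = 1; }
    static class Risky implements Serializable { int n = 2; }
    // Checks every class descriptor in the stream before the class is loaded.
    static class FilteringObjectInputStream extends ObjectInputStream {
        private final List<String> allowPrefixes, denyNames;
        FilteringObjectInputStream(InputStream in, List<String> allow, List<String> deny)
                throws IOException {
            super(in);
            this.allowPrefixes = allow;
            this.denyNames = deny;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            String name = desc.getName();
            // Deny list wins: it carves exceptions out of a broad allowed prefix.
            if (denyNames.contains(name))
                throw new InvalidClassException(name, "on the deny list");
            // Default deny: anything not explicitly allowed is rejected.
            if (allowPrefixes.stream().noneMatch(name::startsWith))
                throw new InvalidClassException(name, "not on the allow list");
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        List<String> allow = List.of("FilterDemo$");      // constructed allow list (prefixes)
        List<String> deny = List.of("FilterDemo$Risky");  // constructed deny list (exact names)
        for (Object o : new Object[] { new Safe(), new Risky(), new java.util.Date() }) {
            try (ObjectInputStream in = new FilteringObjectInputStream(
                    new ByteArrayInputStream(serialize(o)), allow, deny)) {
                System.out.println("accepted " + in.readObject().getClass().getName());
            } catch (InvalidClassException e) {
                System.out.println("rejected " + e.getMessage());
            }
        }
    }
}
```

Run on Java 9 or later (for `List.of`), this accepts `Safe`, rejects `Risky` through the deny list, and rejects `java.util.Date` because it matches no allowed prefix. The deny list adds nothing on its own; its value is in narrowing an allow entry that has to be broad.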
