[ https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014580#comment-15014580 ]
Emmanuel Bourg commented on IO-487: ----------------------------------- What about trusting {{java.lang}} by default? > ValidatingObjectInputStream contribution - restrict which classes can be > deserialized > ------------------------------------------------------------------------------------- > > Key: IO-487 > URL: https://issues.apache.org/jira/browse/IO-487 > Project: Commons IO > Issue Type: Improvement > Components: Utilities > Affects Versions: 2.4 > Reporter: Bertrand Delacretaz > Priority: Minor > Labels: patch > Fix For: 2.5 > > Attachments: IO-487-2.patch, IO-487-accept-reject-2.patch, > IO-487-accept-reject.patch, IO-487-matchers.patch, > IO-487-name-regex-acceptor.patch, IO-487.patch, IO-487.patch, IO-487.patch, > IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch > > > As discussed on the commons dev list I'd like to contribute my SLING-5288 > code to commons-io. I'll attach a patch. > _Update: this is committed now, see [1] for an example_. > [1] > https://svn.apache.org/repos/asf/commons/proper/io/trunk/src/test/java/org/apache/commons/io/serialization/MoreComplexObjectTest.java -- This message was sent by Atlassian JIRA (v6.3.4#6332)