[jira] [Commented] (IO-487) ValidatingObjectInputStream contribution - restrict which classes can be deserialized

Emmanuel Bourg (JIRA) Thu, 19 Nov 2015 14:38:00 -0800

    [ 
https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15014580#comment-15014580
 ]


Emmanuel Bourg commented on IO-487:
-----------------------------------

What about trusting {{java.lang}} by default? 

> ValidatingObjectInputStream contribution - restrict which classes can be 
> deserialized
> -------------------------------------------------------------------------------------
>
>                 Key: IO-487
>                 URL: https://issues.apache.org/jira/browse/IO-487
>             Project: Commons IO
>          Issue Type: Improvement
>          Components: Utilities
>    Affects Versions: 2.4
>            Reporter: Bertrand Delacretaz
>            Priority: Minor
>              Labels: patch
>             Fix For: 2.5
>
>         Attachments: IO-487-2.patch, IO-487-accept-reject-2.patch, 
> IO-487-accept-reject.patch, IO-487-matchers.patch, 
> IO-487-name-regex-acceptor.patch, IO-487.patch, IO-487.patch, IO-487.patch, 
> IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch
>
>
> As discussed on the commons dev list I'd like to contribute my SLING-5288 
> code to commons-io. I'll attach a patch.
> _Update: this is committed now, see [1] for an example_.
> [1] 
> https://svn.apache.org/repos/asf/commons/proper/io/trunk/src/test/java/org/apache/commons/io/serialization/MoreComplexObjectTest.java



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (IO-487) ValidatingObjectInputStream contribution - restrict which classes can be deserialized

Reply via email to