Matt Sicker created LOG4J2-1863:
-----------------------------------
Summary: Add support for filtering input in TcpSocketServer and
UdpSocketServer
Key: LOG4J2-1863
URL: https://issues.apache.org/jira/browse/LOG4J2-1863
Project: Log4j 2
Issue Type: New Feature
Components: Receivers
Affects Versions: 2.8.1
Reporter: Matt Sicker
Assignee: Matt Sicker
Fix For: 2.8.2
It is best practice to add a configurable class filter to ObjectInputStream
usage when input comes from untrusted sources. Add this feature to
TcpSocketServer and UdpSocketServer along with sensible default settings. This
feature is unnecessary in JmsServer as that relies on the underlying
configuration of the JMS server (e.g., ActiveMQ has a similar configuration
option).
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscr...@logging.apache.org
For additional commands, e-mail: log4j-dev-h...@logging.apache.org
