On Tue, 25 May 2021 09:14:38 GMT, Chris Hegarty wrote:
>> The spec/code is forthcoming.
>> ii) is sufficient to prevent ambiguity in which filter is used throughout
>> the Java runtime;
>> though it requires a bit of package-private plumbing.
>>
>> i) is too limiting. It should be
On Mon, 24 May 2021 15:09:26 GMT, Roger Riggs wrote:
> i) is too limiting. It should be possible for an application to check whether
> a filter factory has been provided on the command line (by calling
> getSerialFilterFactory) and if not setting the factory itself. It may also
> want to
On Fri, 21 May 2021 16:26:46 GMT, Roger Riggs wrote:
>> src/java.base/share/classes/java/io/ObjectInputFilter.java line 1139:
>>
>>> 1137: * and not classes.
>>> 1138: */
>>> 1139: private static class AllowMaxLimitsFilter implements ObjectInputFilter {
>>
>>
On Mon, 24 May 2021 08:22:57 GMT, Chris Hegarty wrote:
>> In previous versions, calling OIS.setObjectInputFilter determined exactly
>> the filter used for the stream.
>> With the filter factory enhancement, the current filter factory determines
>> how the argument to OIS.setObjectInputFilter
On Mon, 24 May 2021 08:31:29 GMT, Chris Hegarty wrote:
>> It is reasonable to require that the factory be set before any OIS is
>> constructed.
>> Similar to the restriction that the filter on a stream cannot be changed
>> after the first call to readObject.
>> So an IllegalStateException
On Fri, 21 May 2021 17:09:00 GMT, Roger Riggs wrote:
>> src/java.base/share/classes/java/io/ObjectInputFilter.java line 365:
>>
>>> 363: * A utility class to set and get the JVM-wide deserialization filter factory,
>>> 364: * the static JVM-wide filter, or to create a filter from
On Fri, 21 May 2021 17:21:15 GMT, Roger Riggs wrote:
>> src/java.base/share/classes/java/io/ObjectInputFilter.java line 107:
>>
>>> 105: * Note that the filter may be used directly or combined with other filters by the
>>> 106: * {@linkplain
On Thu, 20 May 2021 16:10:11 GMT, Roger Riggs wrote:
>> JEP 415: Context-specific Deserialization Filters extends the
>> deserialization filtering mechanisms with more flexible and customizable
>> protections against malicious deserialization. See JEP 415:
>>
On Fri, 21 May 2021 17:25:07 GMT, Roger Riggs wrote:
> The static is intended to distinguish that single filter from the others. The
> static vs current distinction is part of JEP 290 from which this evolved.
I can kinda grok that now, I see "current filter" in JEP 290. I think that the
new
On Thu, 20 May 2021 18:59:58 GMT, Daniel Fuchs wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Fri, 21 May 2021 16:25:58 GMT, Chris Hegarty wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Fri, 21 May 2021 16:09:45 GMT, Chris Hegarty wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Fri, 21 May 2021 16:05:59 GMT, Chris Hegarty wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Fri, 21 May 2021 15:58:15 GMT, Chris Hegarty wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Fri, 21 May 2021 15:54:50 GMT, Chris Hegarty wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Thu, 20 May 2021 19:11:34 GMT, Daniel Fuchs wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Thu, 20 May 2021 19:04:25 GMT, Daniel Fuchs wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Thu, 20 May 2021 16:10:11 GMT, Roger Riggs wrote:
>> JEP 415: Context-specific Deserialization Filters extends the
>> deserialization filtering mechanisms with more flexible and customizable
>> protections against malicious deserialization. See JEP 415:
>>
On Fri, 21 May 2021 03:02:43 GMT, Brent Christian wrote:
>> Roger Riggs has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator and
>> cleanup the example
>
>
On Thu, 20 May 2021 16:10:11 GMT, Roger Riggs wrote:
>> JEP 415: Context-specific Deserialization Filters extends the
>> deserialization filtering mechanisms with more flexible and customizable
>> protections against malicious deserialization. See JEP 415:
>>
> JEP 415: Context-specific Deserialization Filters extends the deserialization
> filtering mechanisms with more flexible and customizable protections against
> malicious deserialization. See JEP 415: https://openjdk.java.net/jeps/415.
> The `java.io.ObjectInputFilter` and
27 matches