Hi,
On Fri, Jun 18, 2021 at 06:35:11PM +0200, Sylvain Beucler wrote:
> On 07/06/2021 09:40, Emilio Pozuelo Monfort wrote:
> > On 02/06/2021 14:24, Markus Koschany wrote:
> > > Am Mittwoch, den 02.06.2021, 12:26 +0200 schrieb Emilio Pozuelo Monfort:
> > > > I think it is time
> > > > we declare
Hi,
On 07/06/2021 09:40, Emilio Pozuelo Monfort wrote:
On 02/06/2021 14:24, Markus Koschany wrote:
Am Mittwoch, den 02.06.2021, 12:26 +0200 schrieb Emilio Pozuelo Monfort:
I think it is time
we declare the block list unsupported, asking users to switch to the
allow
list.
Thoughts?
I
On 02/06/2021 14:24, Markus Koschany wrote:
Hi Emilio,
Am Mittwoch, den 02.06.2021, 12:26 +0200 schrieb Emilio Pozuelo Monfort:
I think it is time
we declare the block list unsupported, asking users to switch to the allow
list.
Thoughts?
I believe it is sensible to switch to the whitelist
Hi Emilio,
Am Mittwoch, den 02.06.2021, 12:26 +0200 schrieb Emilio Pozuelo Monfort:
> I think it is time
> we declare the block list unsupported, asking users to switch to the allow
> list.
>
> Thoughts?
I believe it is sensible to switch to the whitelist by default after we have
tested the
Hi,
libxstream-java allows deserializing objects from XML. It can use a list of
allowed types or a list of blocked ones. If using the latter, that list may be
incomplete, causing security issues if an attacker deserializes unsecure objects.
That blocklist has repeatedly found to be