[
https://issues.jboss.org/browse/ISPN-10868?page=com.atlassian.jira.plugin...
]
Ryan Emerson updated ISPN-10868:
--------------------------------
Description:
Java serialization whitelist should include primitive wrapper classes and arrays types, if
only because it's tedious to specify all of them in the configuration.
There's a similar argument for adding {{java.util.ArrayList}} to the default
whitelist, especially to use as keys, because {{Object[]}} keys do not work with
{{OBJECT}} storage ({{equals()}} and {{hashCode()}} are wrong). I'm not convinced yet,
because applications eventually want to use a custom key class, and POCs can get away with
converting to {{String}} and concatenating.
was:
Java serialization whitelist should include primitive wrapper classes and arrays types, if
only because it's tedious to specify all of them in the configuration.
~~There's a similar argument for adding {{java.util.ArrayList}} to the default
whitelist, especially to use as keys, because {{Object[]}} keys do not work with
{{OBJECT}} storage ({{equals()}} and {{hashCode()}} are wrong). I'm not convinced yet,
because applications eventually want to use a custom key class, and POCs can get away with
converting to {{String}} and concatenating.~~
Default whitelist should allow primitives, arrays and reference
arrays
----------------------------------------------------------------------
Key: ISPN-10868
URL:
https://issues.jboss.org/browse/ISPN-10868
Project: Infinispan
Issue Type: Task
Components: Core
Affects Versions: 9.4.16.Final, 10.0.0.Final
Reporter: Dan Berindei
Assignee: Ryan Emerson
Priority: Major
Fix For: 10.1.0.Final
Java serialization whitelist should include primitive wrapper classes and arrays types,
if only because it's tedious to specify all of them in the configuration.
There's a similar argument for adding {{java.util.ArrayList}} to the default
whitelist, especially to use as keys, because {{Object[]}} keys do not work with
{{OBJECT}} storage ({{equals()}} and {{hashCode()}} are wrong). I'm not convinced yet,
because applications eventually want to use a custom key class, and POCs can get away with
converting to {{String}} and concatenating.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)