]
Ryan Emerson updated ISPN-10868:
--------------------------------
Summary: Default whitelist should allow primitives, arrays and ArrayList (was:
Default whitelist should allow primitives and arrays)
Default whitelist should allow primitives, arrays and ArrayList
---------------------------------------------------------------
Key: ISPN-10868
URL:
https://issues.jboss.org/browse/ISPN-10868
Project: Infinispan
Issue Type: Task
Components: Core
Affects Versions: 9.4.16.Final, 10.0.0.Final
Reporter: Dan Berindei
Assignee: Ryan Emerson
Priority: Major
Fix For: 10.1.0.Final
Java serialization whitelist should include primitive wrapper classes and arrays types,
if only because it's tedious to specify all of them in the configuration.
There's a similar argument for adding {{java.util.ArrayList}} to the default
whitelist, especially to use as keys, because {{Object[]}} keys do not work with
{{OBJECT}} storage ({{equals()}} and {{hashCode()}} are wrong). I'm not convinced yet,
because applications eventually want to use a custom key class, and POCs can get away with
converting to {{String}} and concatenating.