]
Ryan Emerson updated ISPN-8624:
-------------------------------
Fix Version/s: 9.2.0.CR1
(was: 9.2.0.Beta2)
Extend unmarshalling white list to GenericJBossMarshaller
---------------------------------------------------------
Key: ISPN-8624
URL:
https://issues.jboss.org/browse/ISPN-8624
Project: Infinispan
Issue Type: Enhancement
Components: Marshalling, Server
Reporter: Galder ZamarreƱo
Assignee: Galder ZamarreƱo
Fix For: 9.2.0.CR1, 9.2.0.Final
White list unmarshalling list can be injected via ClassResolver implementations.
We should also update the user guide that if developing a custom marshaller, you should
add white list unmarshalling capabilities to avoid injection attacks.