[infinispan-issues] [JBoss JIRA] (ISPN-8624) Extend unmarshalling white list to GenericJBossMarshaller
Galder Zamarreño (JIRA)
issues at jboss.org
Wed Dec 13 03:43:01 EST 2017
Galder Zamarreño created ISPN-8624:
--------------------------------------
Summary: Extend unmarshalling white list to GenericJBossMarshaller
Key: ISPN-8624
URL: https://issues.jboss.org/browse/ISPN-8624
Project: Infinispan
Issue Type: Enhancement
Components: Marshalling, Server
Reporter: Galder Zamarreño
Assignee: Galder Zamarreño
Fix For: 9.2.0.Beta2, 9.2.0.Final
White list unmarshalling list can be injected via ClassResolver implementations.
We should also update the user guide that if developing a custom marshaller, you should add white list unmarshalling capabilities to avoid injection attacks.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the infinispan-issues
mailing list