[infinispan-issues] [JBoss JIRA] (ISPN-8624) Extend unmarshalling white list to GenericJBossMarshaller
Galder Zamarreño (JIRA)
issues at jboss.org
Wed Dec 13 05:51:01 EST 2017
[ https://issues.jboss.org/browse/ISPN-8624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Galder Zamarreño updated ISPN-8624:
-----------------------------------
Status: Pull Request Sent (was: Open)
Git Pull Request: https://github.com/infinispan/infinispan/pull/5639
> Extend unmarshalling white list to GenericJBossMarshaller
> ---------------------------------------------------------
>
> Key: ISPN-8624
> URL: https://issues.jboss.org/browse/ISPN-8624
> Project: Infinispan
> Issue Type: Enhancement
> Components: Marshalling, Server
> Reporter: Galder Zamarreño
> Assignee: Galder Zamarreño
> Fix For: 9.2.0.Beta2, 9.2.0.Final
>
>
> White list unmarshalling list can be injected via ClassResolver implementations.
> We should also update the user guide that if developing a custom marshaller, you should add white list unmarshalling capabilities to avoid injection attacks.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the infinispan-issues
mailing list