[infinispan-issues] [JBoss JIRA] (ISPN-8624) Extend unmarshalling white list to GenericJBossMarshaller
Ryan Emerson (JIRA)
issues at jboss.org
Mon Dec 18 10:50:02 EST 2017
[ https://issues.jboss.org/browse/ISPN-8624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Emerson updated ISPN-8624:
-------------------------------
Fix Version/s: 9.2.0.CR1
(was: 9.2.0.Beta2)
> Extend unmarshalling white list to GenericJBossMarshaller
> ---------------------------------------------------------
>
> Key: ISPN-8624
> URL: https://issues.jboss.org/browse/ISPN-8624
> Project: Infinispan
> Issue Type: Enhancement
> Components: Marshalling, Server
> Reporter: Galder Zamarreño
> Assignee: Galder Zamarreño
> Fix For: 9.2.0.CR1, 9.2.0.Final
>
>
> White list unmarshalling list can be injected via ClassResolver implementations.
> We should also update the user guide that if developing a custom marshaller, you should add white list unmarshalling capabilities to avoid injection attacks.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the infinispan-issues
mailing list