[infinispan-issues] [JBoss JIRA] (ISPN-9116) Server marshallers/transcoders don't support whitelist when deserializing
Galder Zamarreño (JIRA)
issues at jboss.org
Tue Jul 3 09:35:00 EDT 2018
[ https://issues.jboss.org/browse/ISPN-9116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Galder Zamarreño updated ISPN-9116:
-----------------------------------
Status: Resolved (was: Pull Request Sent)
Fix Version/s: 9.4.0.Alpha1
9.4.0.Final
9.3.1.Final
Resolution: Done
> Server marshallers/transcoders don't support whitelist when deserializing
> -------------------------------------------------------------------------
>
> Key: ISPN-9116
> URL: https://issues.jboss.org/browse/ISPN-9116
> Project: Infinispan
> Issue Type: Bug
> Components: Server
> Affects Versions: 9.3.0.Final, 9.2.5.Final
> Reporter: Gustavo Fernandes
> Assignee: Gustavo Fernandes
> Fix For: 9.4.0.Alpha1, 9.4.0.Final, 9.3.1.Final
>
>
> The server deserializes binary payloads and json/xml payload without any checks. This happens when:
> * Compatibility mode is on
> * Remote listeners with filters
> * Remote iteration with filters
> * Remote tasks with parameters
> * Server is configured with MediaType.APPLICATION_OBJECT
> * Potentially with JSON and XML contents sent via REST
> The remote endpoints affected are REST, Hot Rod and Memcached.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the infinispan-issues
mailing list