[infinispan-issues] [JBoss JIRA] (ISPN-9116) Server marshallers/transcoders don't support whitelist when deserializing
Diego Lovison (Jira)
issues at jboss.org
Wed Oct 10 07:45:00 EDT 2018
[ https://issues.jboss.org/browse/ISPN-9116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Diego Lovison updated ISPN-9116:
--------------------------------
Tester: Diego Lovison
> Server marshallers/transcoders don't support whitelist when deserializing
> -------------------------------------------------------------------------
>
> Key: ISPN-9116
> URL: https://issues.jboss.org/browse/ISPN-9116
> Project: Infinispan
> Issue Type: Bug
> Components: Server
> Affects Versions: 9.3.0.Final, 9.2.5.Final
> Reporter: Gustavo Fernandes
> Assignee: Gustavo Fernandes
> Priority: Major
> Fix For: 9.4.0.Alpha1, 9.4.0.CR3, 9.3.1.Final
>
>
> The server deserializes binary payloads and json/xml payload without any checks. This happens when:
> * Compatibility mode is on
> * Remote listeners with filters
> * Remote iteration with filters
> * Remote tasks with parameters
> * Server is configured with MediaType.APPLICATION_OBJECT
> * Potentially with JSON and XML contents sent via REST
> The remote endpoints affected are REST, Hot Rod and Memcached.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the infinispan-issues
mailing list