[ https://issues.apache.org/jira/browse/IO-487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15006331#comment-15006331 ]
Joerg Schaible commented on IO-487:
-----------------------------------

Please use the InvalidClassException with a proper reason (e.g. "security restrictions: class rejected"). We had to detect that even recent JBoss releases start to behave very badly if the object serialization is broken in an unexpected way (we managed to throw an NPE). A restart of JBoss was actually the only way to solve the issue until the next NPE happened. This might apply to other app servers, too.

> SafeObjectInputStream contribution - restrict which classes can be deserialized
> -------------------------------------------------------------------------------
>
>                 Key: IO-487
>                 URL: https://issues.apache.org/jira/browse/IO-487
>             Project: Commons IO
>          Issue Type: Improvement
>          Components: Utilities
>   Affects Versions: 2.4
>            Reporter: Bertrand Delacretaz
>            Priority: Minor
>              Labels: patch
>             Fix For: 2.5
>
>         Attachments: IO-487-2.patch, IO-487-name-regex-acceptor.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch, IO-487.patch
>
>
> As discussed on the commons dev list I'd like to contribute my SLING-5288 code to commons-io. I'll attach a patch.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
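
The recommendation in the comment above, as an added example (not code from the IO-487 patches or from Commons IO): an ObjectInputStream subclass that rejects classes outside an allow-list by throwing InvalidClassException with an explicit reason. The class name AllowListObjectInputStream, the exact-name allow-list and the sample objects are assumptions made for illustration.

```java
import java.io.*;
import java.util.*;

// Hypothetical class name; this is not the SafeObjectInputStream attached to IO-487.
public class AllowListObjectInputStream extends ObjectInputStream {
    private final Set<String> allowed;

    public AllowListObjectInputStream(InputStream in, String... allowedClassNames) throws IOException {
        super(in);
        this.allowed = new HashSet<>(Arrays.asList(allowedClassNames));
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        if (!allowed.contains(name)) {
            // InvalidClassException is an ObjectStreamException (an IOException), so code
            // that already handles a broken stream also handles the rejection, instead of
            // meeting an unexpected runtime exception in the middle of deserialization.
            throw new InvalidClassException(name, "security restrictions: class rejected");
        }
        return super.resolveClass(desc);
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(o);
        }
        return bytes.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one class on the allow-list, one that is not.
        byte[] okData = serialize(new Date(0L));
        byte[] badData = serialize(new ArrayList<>(Arrays.asList(1, 2)));

        try (ObjectInputStream in = new AllowListObjectInputStream(
                new ByteArrayInputStream(okData), "java.util.Date")) {
            System.out.println("accepted: " + in.readObject());
        }
        try (ObjectInputStream in = new AllowListObjectInputStream(
                new ByteArrayInputStream(badData), "java.util.Date")) {
            in.readObject();
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check runs in resolveClass, before the class is loaded or any of its readObject logic executes, so the rejected ArrayList is never instantiated.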