Robert Muir created SOLR-14093:
----------------------------------
Summary: Ban ObjectInputStream and ObjectOutputStream in forbidden-apis
Key: SOLR-14093
URL: https://issues.apache.org/jira/browse/SOLR-14093
Project: Solr
Issue Type: Task
Security Level: Public (Default Security Level. Issues are Public)
Components: Build
Reporter: Robert Muir
Assignee: Robert Muir
Suggested build failure message:
{quote}
[forbidden-apis] Forbidden class/interface use: java.io.ObjectInputStream [Java
deserialization is unsafe when the data is untrusted. The java developer is
powerless: no checks or casts help, exploitation can happen in places such as
clinit or finalize!]
{quote}
I will whitelist existing places doing this for now.
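The claim in the proposed message that "no checks or casts help" can be seen in a small demonstration, added here as an illustration and not taken from the issue or from Solr's code. The `Gadget` class and its harmless marker field are constructed for this example; they stand in for any serializable class on the classpath whose deserialization hook has side effects.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class CastDoesNotHelp {
    // Constructed stand-in for a class that happens to be on the classpath.
    // Its readObject hook runs inside ObjectInputStream.readObject(),
    // before the caller ever receives a reference it could check or cast.
    static class Gadget implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean sideEffectRan = false;

        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            sideEffectRan = true; // harmless marker for the demonstration
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the sender picks the class, not the reader.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Gadget());
        }
        byte[] untrusted = buf.toByteArray();

        // The reader expects a String and "validates" with a cast.
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            String s = (String) in.readObject();
            System.out.println("not reached: " + s);
        } catch (ClassCastException e) {
            System.out.println("cast rejected the object: " + e.getMessage());
        }

        // The cast failed, but only after the hook had already executed.
        System.out.println("readObject hook ran: " + Gadget.sideEffectRan);
    }
}
```

Because the hook executes before any caller-side check is possible, the rule has to apply to the use of `ObjectInputStream` itself, which is what a forbidden-apis ban enforces at build time.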