[
https://issues.apache.org/jira/browse/SOLR-14095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17000511#comment-17000511
]
Tomas Eduardo Fernandez Lobbe commented on SOLR-14095:
------------------------------------------------------
[~noble.paul], [~ichattopadhyaya], I took another look today. I still feel
there is no way to use Json here unless we build a full serialization that
retains types correctly. I feel Javabin here is less risky compared to Json, so
I want to take that route and I want to do it soon to unblock the security
manager work.
If we don't make this change, the alternative is keep the Java serialization
and use the filtering Robert pointed to, however, since this needs to be
supported in Java 8, not all the filtering features are available.
> Remove serialization and/or support serialization filtering
> -----------------------------------------------------------
>
> Key: SOLR-14095
> URL: https://issues.apache.org/jira/browse/SOLR-14095
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-14095-json.patch, json-nl.patch
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Removing the use of serialization is greatly preferred.
> But if serialization over the wire must really happen, then we must use JDK's
> serialization filtering capability to prevent havoc.
> https://docs.oracle.com/javase/10/core/serialization-filtering1.htm#JSCOR-GUID-3ECB288D-E5BD-4412-892F-E9BB11D4C98A
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
