slievrly commented on PR #7503: URL: https://github.com/apache/incubator-seata/pull/7503#issuecomment-3050897011
> > the necessary security test cases
>
> I read the test code of other serialization frameworks, and except for Hessian, the tests are basically the same.
>
> Could you give some examples or explain it in detail?

https://github.com/apache/incubator-seata/pull/7501/files

The serialization framework should support a whitelist. Most security vulnerabilities are caused by unsafe deserialization. Serialization outside the whitelist should throw exceptions. When adding a whitelist, it is necessary to ensure that the overall transaction function is normal.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
