On Mon, 22 Nov 2021 19:57:25 GMT, Roger Riggs wrote:
> The effects of an invalid `jdk.serialFilter` property are not completely
> documented. If the value of the system property jdk.serialFilter is invalid,
> deserialization should not be possible and it should be clear in the
>
On Tue, 30 Nov 2021 20:43:23 GMT, Roger Riggs wrote:
>> This is about the second line of defense; what happens when the developer
>> deliberately ignores the first error.
>> If the command line parameters are invalid it might be an option to call
>> `System.exit(1)` but there
>> is no
On Wed, 24 Nov 2021 15:39:13 GMT, Roger Riggs wrote:
>> If the intent is to disable serialization entirely, then this state should
>> be represented explicitly. Having things throw `NoClassDefFoundError` looks
>> like a mistake and a bug that needs to be fixed. In addition, it requires
>>
On Tue, 23 Nov 2021 23:07:08 GMT, Stuart Marks wrote:
>> Most configurations of `jdk.serialFilter` and` jdk.serialFilterFactory` will
>> be valid.
>> If they are not valid, the cause must be clear and useful suggestion made to
>> correct the command line
>> or security properties.
>>
>> It
On Tue, 23 Nov 2021 21:44:17 GMT, Roger Riggs wrote:
>> src/java.base/share/classes/java/io/ObjectInputFilter.java line 529:
>>
>>> 527: * if the filter string is invalid, an {@link
>>> ExceptionInInitializerError} is thrown
>>> 528: * and the initialization fails; subsequent
On Tue, 23 Nov 2021 04:40:04 GMT, Stuart Marks wrote:
>> The effects of an invalid `jdk.serialFilter` property are not completely
>> documented. If the value of the system property jdk.serialFilter is invalid,
>> deserialization should not be possible and it should be clear in the
>>
On Mon, 22 Nov 2021 19:57:25 GMT, Roger Riggs wrote:
> The effects of an invalid `jdk.serialFilter` property are not completely
> documented. If the value of the system property jdk.serialFilter is invalid,
> deserialization should not be possible and it should be clear in the
>
On Mon, 22 Nov 2021 19:57:25 GMT, Roger Riggs wrote:
> The effects of an invalid `jdk.serialFilter` property are not completely
> documented. If the value of the system property jdk.serialFilter is invalid,
> deserialization should not be possible and it should be clear in the
>
On Mon, 22 Nov 2021 19:57:25 GMT, Roger Riggs wrote:
> The effects of an invalid `jdk.serialFilter` property are not completely
> documented. If the value of the system property jdk.serialFilter is invalid,
> deserialization should not be possible and it should be clear in the
>
The effects of an invalid `jdk.serialFilter` property are not completely
documented. If the value of the system property jdk.serialFilter is invalid,
deserialization should not be possible and it should be clear in the
specification.
Specify an implementation specific exception is thrown in
10 matches
Mail list logo