Uploaded image for project: 'BxMS Documentation'
  1. BxMS Documentation
  2. BXMSDOC-7598

Mention XStream security change in Release Notes

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major Major
    • None
    • 7.11
    • Other
    • None
    • 2021 Week 22-24 (from May 31)
    • 1
    • Undefined

      DROOLS-6270/RHDM-1692 let BatchExecutionHelperProviderImpl.newXStreamMarshaller() create secure XStream instance. It means the XStream instance accepts only pre-defined kie classes in payloads by default. If users use the XStream instance created in that way, they need to add allowed classes (e.g. domain model classes) in their application code.
      for example)

              final BatchExecutionHelperProviderImpl batchExecutionHelperProvider = new BatchExecutionHelperProviderImpl();
        XStream xstreamMarshaller = batchExecutionHelperProvider.newXStreamMarshaller();
        String[] allowList = new String[]{
                                          "org.example.model.Person",
                                          "org.example.model.Company"
        };
        xstreamMarshaller.addPermission( new WildcardTypePermission( allowList ) );

      Please add it to Release Notes "New Features" chapter.

              kaldesai Kalyani Desai
              rhn-support-tkobayas Toshiya Kobayashi
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: