Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-10868

Default whitelist should allow primitives, arrays and reference arrays

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Major
    • 10.1.0.Final
    • 9.4.16.Final, 10.0.0.Final
    • Core
    • None

    Description

      Java serialization whitelist should include primitive wrapper classes and arrays types, if only because it's tedious to specify all of them in the configuration.

      There's a similar argument for adding java.util.ArrayList to the default whitelist, especially to use as keys, because Object[] keys do not work with OBJECT storage (equals() and hashCode() are wrong). I'm not convinced yet, because applications eventually want to use a custom key class, and POCs can get away with converting to String and concatenating.

      Attachments

        Issue Links

          incorporates

          Bug - A problem that impairs or prevents the functions of the product. ISPN-10914 ISPN000936: Class 'java.lang.Boolean' blocked by deserialization white list

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              remerson@redhat.com Ryan Emerson
              dberinde@redhat.com Dan Berindei (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: