Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-9116

Server marshallers/transcoders don't support whitelist when deserializing

    Details

      Description

      The server deserializes binary payloads and json/xml payload without any checks. This happens when:

      • Compatibility mode is on
      • Remote listeners with filters
      • Remote iteration with filters
      • Remote tasks with parameters
      • Server is configured with MediaType.APPLICATION_OBJECT
      • Potentially with JSON and XML contents sent via REST

      The remote endpoints affected are REST, Hot Rod and Memcached.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  gustavonalle Gustavo Fernandes
                  Reporter:
                  gustavonalle Gustavo Fernandes
                  Tester:
                  Diego Lovison
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: