Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-3302

Turn snakeyaml into permissive mode (snakeyaml 1.33.SP)


    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • None
    • None

      We are forking snakeyaml 1.33 to apply some fixes which make snakeyaml behave "safer" in default configuration. It's gonna refuse to parse tags that are used as hints for which class to instantiate when deserializing YAML content (a parsing exception is going to be thrown when a tag is encountered).

      Resteasy needs to disable this stricter behavior so that it's able to parse YAML annotated with tags.

      Resteasy already contains whitelisting mechanism (TypeSafeConstructor) to vet which classes are allowed to be instantiated.

            thofman Tomas Hofman
            thofman Tomas Hofman
            0 Vote for this issue
            2 Start watching this issue