  1. Spring Data Redis
  2. DATAREDIS-780

Up-to-date guidelines for serialization usage

    Details

    • Sprint:
      Lovelace M2 / M3

      Description

      Over the past few years, several incidents were related to using serialization-based message formats from untrusted data sources. We need to update our guidelines accordingly. While we generally recommend against Java serialization, there are some recent efforts that allow for controlled exposure there, in particular the serialization filter that recently got introduced at JDK level (https://blogs.oracle.com/java-platform-group/entry/incoming_filter_serialization_data_a).
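
      A sketch of the JDK serialization filter mentioned above, as an added example that is not part of the original issue or of Spring Data Redis: a per-stream allowlist that accepts the expected types and rejects any other class before it is instantiated. It assumes Java 9 or later (for `ObjectInputStream.setObjectInputFilter`); the class name, the allowlist pattern and the sample values are constructed for illustration.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class FilteredDeserialization {

    // Allowlist pattern (constructed for this example): cap the size of the
    // object graph, permit only the types the application expects to read
    // back, and reject every other class with the trailing "!*".
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=100;maxbytes=4096;maxarray=64;"
            + "java.lang.*;java.util.ArrayList;!*");

    static byte[] serialize(Object value) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(value);
        }
        return bytes.toByteArray();
    }

    // Deserialize with the filter installed on this stream only, so the
    // decision is made per data source rather than JVM-wide.
    static Object deserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ALLOWLIST);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // An expected payload: ArrayList of String passes the allowlist.
        List<String> expected = new ArrayList<>(List.of("a", "b"));
        System.out.println("allowed:  " + deserialize(serialize(expected)));

        // java.io.File is Serializable but not on the allowlist, so the
        // filter rejects it while the class descriptor is being read.
        try {
            deserialize(serialize(new File("example.txt")));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```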


            People

            • Assignee:
              mp911de Mark Paluch
              Reporter:
              mp911de Mark Paluch
              Last updater:
              Mark Paluch
