...

Because of OFBIZ-10837 we needed to fix another issue related to the ObjectInputStream class. If you encounter a related issue (class object not in the whitelist), you must provide a complete list of the objects you need to pass to ObjectInputStream through the ListOfSafeObjectsForInputStream property (in the SafeObjectInputStream.properties file). As an example, the complete list of objects used by OFBiz OOTB is there, commented out by default. OFBiz uses its own whitelist; you will need to add your objects/classes to this list.


OWASP article (with good references at bottom)

...