...
Because of OFBIZ-10837 (ASF JIRA), we needed to fix another issue related to the ObjectInputStream class. If you encounter a related issue (object not in the allow list), you must provide a complete list of objects to pass to ObjectInputStream through the ListOfSafeObjectsForInputStream property in the SafeObjectInputStream.properties file. As an example, a complete list of the objects used by OFBiz OOTB is there by default. You will need to add your objects/classes to this list. With OFBIZ-12167 (ASF JIRA) we have introduced a way to also put objects in a deny list.
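The allow-list and deny-list check described above, as an added Java example (not OFBiz's own SafeObjectInputStream code): a subclass of ObjectInputStream inspects each class name in resolveClass before any object is instantiated. The class `FilteringObjectInputStream`, the exact-match lists and the rule that the deny list takes precedence are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Set;

public class AllowListDemo {
    // Hypothetical look-ahead stream: class names are vetted before instantiation.
    static class FilteringObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed, denied;
        FilteringObjectInputStream(InputStream in, Set<String> allowed, Set<String> denied) throws IOException {
            super(in);
            this.allowed = allowed;
            this.denied = denied;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            String name = desc.getName();
            // Assumption: deny list wins; anything not explicitly allowed is rejected too.
            if (denied.contains(name) || !allowed.contains(name))
                throw new InvalidClassException(name, "class not permitted for deserialization");
            return super.resolveClass(desc);
        }
    }
    static String tryRead(Object o, Set<String> allowed, Set<String> denied) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        try (ObjectInputStream in = new FilteringObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()), allowed, denied)) {
            return "accepted: " + in.readObject();
        } catch (InvalidClassException | ClassNotFoundException e) {
            return "rejected: " + e.getMessage();
        }
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample lists; superclass descriptors (java.lang.Number) are checked as well.
        Set<String> allowed = Set.of("java.util.ArrayList", "java.lang.Integer", "java.lang.Number", "java.util.HashMap");
        Set<String> denied = Set.of("java.util.HashMap");
        System.out.println(tryRead(new ArrayList<>(List.of("a", 1)), allowed, denied)); // on the allow list
        System.out.println(tryRead(new HashMap<String, String>(), allowed, denied));    // allowed but also denied
        System.out.println(tryRead(new Date(0), allowed, denied));                      // on neither list
    }
}
```

Only the first call is accepted. The Integer inside the list is readable only because its serializable superclass java.lang.Number is also on the allow list, which is why the list has to be complete.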
OWASP article (with good references at bottom)
...