...
Because of OFBIZ-10837, we needed to fix another issue related to the ObjectInputStream class. If you encounter a related issue (object not in the allow list), you must provide a complete list of objects to pass to ObjectInputStream through the ListOfSafeObjectsForInputStream property in the SafeObjectInputStream.properties file. As an example, a complete list of objects used by OFBiz OOTB is commented out by default there. You will need to add your objects/classes to this list.
With OFBIZ-12167 we have introduced a way to also put objects in a deny list and improved it with OFBIZ-12216, OFBIZ-12212 and OFBIZ-12221.
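The allow-list and deny-list checks on ObjectInputStream described above, as an added Java example that is not OFBiz's own SafeObjectInputStream code. The class name FilteringObjectInputStream, the sample lists and the exact-class-name matching are assumptions of this example.

```java
import java.io.*;
import java.util.*;

// Illustrative look-ahead stream (hypothetical class, not OFBiz code).
public class FilteringObjectInputStream extends ObjectInputStream {
    private final Set<String> allowed;
    private final Set<String> denied;

    public FilteringObjectInputStream(InputStream in, Set<String> allowed, Set<String> denied)
            throws IOException {
        super(in);
        this.allowed = allowed;
        this.denied = denied;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        String name = desc.getName();
        // The deny list wins; anything not explicitly allowed is rejected
        // before the class is loaded or any of its readObject code runs.
        if (denied.contains(name) || !allowed.contains(name)) {
            throw new InvalidClassException(name, "class not permitted for deserialization");
        }
        return super.resolveClass(desc);
    }

    private static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample lists. Serializable superclasses (java.lang.Number
        // for Integer) are resolved too, so they must be listed as well.
        Set<String> allow = Set.of("java.util.ArrayList", "java.lang.Integer", "java.lang.Number");
        Set<String> deny = Set.of("java.util.HashMap");
        Object[] samples = { new ArrayList<>(List.of(1, 2)), new HashMap<String, String>(), new Date() };
        for (Object sample : samples) {
            try (ObjectInputStream in = new FilteringObjectInputStream(
                    new ByteArrayInputStream(serialize(sample)), allow, deny)) {
                System.out.println("accepted: " + in.readObject());
            } catch (InvalidClassException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The java.util.Date sample is rejected because it is missing from the allow list, which is the situation in which you would add your own classes to the configured list.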
OWASP article (with good references at bottom)
...