- Sub-task
- Resolution: Delivered
- P4
- 6u141, 7u131, 8u121, 9
- Verified

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8171013 | 8u121 | Clifford Wayne | P4 | Closed | Delivered | |
JDK-8171012 | 7u131 | Clifford Wayne | P4 | Closed | Delivered | |
JDK-8171010 | 6u141 | Clifford Wayne | P4 | Closed | Delivered | |

Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness.
Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization.
Filters are set using either a system property or a configured security property.
The patterns accepted as the value of "jdk.serialFilter" are described in [JEP 290 Serialization Filtering](http://openjdk.java.net/jeps/290) and in <JRE>/lib/security/java.security.
Filter actions are logged to the 'java.io.serialization' logger, if enabled.
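
The process-wide filter described above, as an added example that is not part of the release note or of the JDK sources. It assumes the JDK 9 `java.io.ObjectInputFilter` API; the class names and the pattern string are constructed for illustration, and the pattern is installed programmatically only when "jdk.serialFilter" has not already been configured.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

// Added example; SerialFilterDemo and Payload are hypothetical names.
public class SerialFilterDemo {
    // Constructed application class that the pattern below does not allow.
    static class Payload implements Serializable {
        private static final long serialVersionUID = 1L;
        String name = "constructed";
    }

    // Constructed pattern: allow java.lang and java.util, cap graph depth,
    // reject every other class.
    static final String PATTERN = "java.lang.*;java.util.*;maxdepth=10;!*";

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // No per-stream filter is set here: the stream uses the process-wide one.
    static String tryRead(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return "accepted: " + in.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            // A filter rejection surfaces as InvalidClassException.
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Honour -Djdk.serialFilter or the java.security entry if present;
        // otherwise install the same pattern once, before any stream exists.
        if (ObjectInputFilter.Config.getSerialFilter() == null) {
            ObjectInputFilter.Config.setSerialFilter(
                    ObjectInputFilter.Config.createFilter(PATTERN));
        }
        List<String> allowed = new ArrayList<>(List.of("a", "b"));
        System.out.println(tryRead(serialize(allowed)));        // class on the allow-list
        System.out.println(tryRead(serialize(new Payload())));  // class matched only by "!*"
    }
}
```

Running it with `-Djdk.serialFilter=` set to a different pattern exercises the property route instead of the fallback.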

- backported by
  - JDK-8171010 Release Note: Serialization Filter Configuration - Closed
  - JDK-8171012 Release Note: Serialization Filter Configuration - Closed
  - JDK-8171013 Release Note: Serialization Filter Configuration - Closed