Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8155760 Implement Serialization Filtering
  3. JDK-8162790

Release Note: Serialization Filter Configuration

    XMLWordPrintable

Details

    Backports

      Description

        Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness.
        Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization.
        Filters are set using either a system property or a configured security property.
        The value of the "jdk.serialFilter" patterns are described in [JEP 290 Serialization Filtering](http://openjdk.java.net/jeps/290) and in <JRE>/lib/security/java.security.
        Filter actions are logged to the 'java.io.serialization' logger, if enabled.

        Attachments

          Issue Links

            Activity

              People

                rriggs Roger Riggs
                rriggs Roger Riggs
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: