Sub-task
Resolution: Delivered
P4
20
In this release, the JDK implementation of the LDAP provider no longer supports deserialization of Java objects by default:
* The default value of the `com.sun.jndi.ldap.object.trustSerialData` system property has been updated to `false`.
* The scope of the `com.sun.jndi.ldap.object.trustSerialData` system property has been extended to cover the reconstruction of RMI remote objects from the `javaRemoteLocation` LDAP attribute.
The transparent deserialization of Java objects from an LDAP context will now require an explicit opt-in. Applications that rely on reconstruction of Java objects or RMI stubs from the LDAP attributes would need to set the `com.sun.jndi.ldap.object.trustSerialData` system property to `true`.
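
A pre-upgrade audit sketch, added here as an example and not taken from the JDK: it flags directory entries that only resolve to Java objects when `com.sun.jndi.ldap.object.trustSerialData` is `true`, and reports whether the running JVM has opted in. The class name `TrustSerialDataAudit`, the sample entries and the use of the RFC 2713 `javaSerializedData` attribute as the serialized-object marker are assumptions.

```java
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class TrustSerialDataAudit {
    static final String PROP = "com.sun.jndi.ldap.object.trustSerialData";
    // javaRemoteLocation is named in the release note; javaSerializedData is the
    // RFC 2713 attribute holding a serialized object (assumed marker for that case).
    static final String[] GATED = {"javaSerializedData", "javaRemoteLocation"};

    /** Returns the gated attribute IDs present on one LDAP entry. */
    static List<String> gatedAttributes(Attributes entry) {
        List<String> hits = new ArrayList<>();
        for (String id : GATED) {
            if (entry.get(id) != null) hits.add(id);
        }
        return hits;
    }

    /** True only when the JVM has explicitly opted in to deserialization. */
    static boolean optedIn() {
        return Boolean.parseBoolean(System.getProperty(PROP, "false"));
    }

    public static void main(String[] args) {
        // Constructed sample entries (not from a real directory).
        Map<String, Attributes> entries = new LinkedHashMap<>();
        Attributes plain = new BasicAttributes(true);
        plain.put("cn", "alice");
        entries.put("cn=alice,dc=example,dc=com", plain);
        Attributes serial = new BasicAttributes(true);
        serial.put("javaClassName", "java.util.HashMap");
        serial.put("javaSerializedData", new byte[] {(byte) 0xAC, (byte) 0xED});
        entries.put("cn=cache,dc=example,dc=com", serial);
        Attributes rmi = new BasicAttributes(true);
        rmi.put("javaRemoteLocation", "rmi://rmi.example.com/service");
        entries.put("cn=svc,dc=example,dc=com", rmi);

        System.out.println(PROP + " opted in: " + optedIn());
        entries.forEach((dn, attrs) -> {
            List<String> hits = gatedAttributes(attrs);
            if (!hits.isEmpty()) System.out.println(dn + " depends on " + PROP + ": " + hits);
        });
    }
}
```

Running it with `-Dcom.sun.jndi.ldap.object.trustSerialData=true` shows the opt-in being detected. An empty report against real entries means the new default needs no application change.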