Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8290367 Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
  3. JDK-8294235

Release Note: Update Default Value and Extend the Scope of com.sun.jndi.ldap.object.trustSerialData System Property

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Delivered
    • Icon: P4 P4
    • 20
    • 20
    • core-libs

      In this release, the JDK implementation of the LDAP provider no longer supports deserialization of Java objects by default:

      * The default value of the `com.sun.jndi.ldap.object.trustSerialData` system property has been updated to `false`.

      * The scope of the `com.sun.jndi.ldap.object.trustSerialData` system property has been extended to cover the reconstruction of RMI remote objects from the `javaRemoteLocation` LDAP attribute.

      The transparent deserialization of Java objects from an LDAP context will now require an explicit opt-in. Applications that rely on reconstruction of Java objects or RMI stubs from the LDAP attributes would need to set the `com.sun.jndi.ldap.object.trustSerialData` system property to `true`.

            aefimov Aleksej Efimov
            aefimov Aleksej Efimov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: