In this release, new system and security properties are introduced to allow more granular control over the set of JNDI object factories allowed to reconstruct Java objects from JNDI/LDAP and JNDI/RMI contexts:

* The new `jdk.jndi.ldap.object.factoriesFilter` property specifies which object factory classes are allowed to instantiate Java objects from object references returned by JNDI/LDAP contexts. Its default value only allows object factories defined in the `java.naming` module.

* The new `jdk.jndi.rmi.object.factoriesFilter` property specifies which object factory classes are allowed to instantiate Java objects from object references returned by JNDI/RMI contexts. Its default value only allows object factories defined in the `jdk.rmi` module.

These new factory filter properties complement the `jdk.jndi.object.factoriesFilter` global factories filter property by determining if a specific object factory is permitted to instantiate objects for the LDAP or RMI protocols used in JNDI.

An application depending on custom object factories to recreate Java objects from JNDI/LDAP or JNDI/RMI contexts will need to supply a security or system property with an updated value to allow such third-party object factories to reconstruct LDAP or RMI objects. If usage of a factory is denied, the lookup operation may result in a plain instance of `javax.naming.Reference` instance returned, which may lead to a `ClassCastException` being thrown in the application.

For more information, see the [java.naming](https://download.java.net/java/early_access/jdk20/docs/api/java.naming/module-summary.html) and [jdk.naming.rmi](https://download.java.net/java/early_access/jdk20/docs/api/jdk.naming.rmi/module-summary.html) module-info documentation.