Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8347714

Update default value of com.sun.jndi.ldap.object.trustSerialData system property

XMLWordPrintable

    • behavioral
    • medium
    • Applications that rely on deserialization of Java objects or reconstruction of RMI stubs from LDAP attributes (RFC 2713) would need to set the 'com.sun.jndi.ldap.object.trustSerialData' system property to 'true'.
    • System or security property
    • JDK

      Summary

      Change the default value of the com.sun.jndi.ldap.object.trustSerialData system property to "false". This is the only change for the JDK Update CSRs. Unlike the parent CSR, extending the scope of the com.sun.jndi.ldap.object.trustSerialData system property is already implemented in the JDK update releases and isn't required.

      Problem

      The LDAP Naming Service Provider uses the "com.sun.jndi.ldap.object.trustSerialData" system property to control the reconstruction of Java objects from LDAP attributes. By default, the reconstruction is enabled.

      Solution

      The default value of the "com.sun.jndi.ldap.object.trustSerialData" property will be changed to "false". This disables the deserialization of Java objects from LDAP attributes by default. This property can be switched back to "true" by applications to re-enable deserialization from the "javaSerializedData", "javaRemoteLocation", and "javaReferenceAddress" attributes. Note that deserialization from these attributes has been permanently disabled in JDK 24.

      Specification

      The proposed change does not introduce any modifications to the existing specifications. However, the default value of the "com.sun.jndi.ldap.object.trustSerialData" system property is updated.
      A release note is planned to document the change.

            wxiao Weibing Xiao
            aefimov Aleksej Efimov
            Aleksej Efimov, Daniel Fuchs
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: