Details
-
Task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
re
-
New
Description
This seems to be deserializing java objects from http streams.
In LUCENE-9094 I marked the usages with SuppressForbidden, just to try to fend off additional serialization from being added to the codebase.
But we should really fix this one!
Attachments
Issue Links
- relates to
-
LUCENE-9094 Ban ObjectInputStream and ObjectOutputStream in forbidden-apis
- Closed