  1. Jackrabbit Oak
  2. OAK-7119

Restrict de-serialization mechanism for older serialized cache map in DataStoreCacheUtils to the classes required

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.7, 1.7.14
    • Fix Version/s: 1.6.8, 1.8.0
    • Component/s: blob-plugins
    • Labels:
      None

      Description

      We could use the class https://commons.apache.org/proper/commons-io/javadocs/api-2.5/org/apache/commons/io/serialization/ValidatingObjectInputStream.html to restrict de-serialization to the required classes and throw errors in case of others.
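
A sketch of the allow-list approach the description proposes, added here as an example; it is not Oak's code or the fix that was committed. The class name `RestrictedCacheMapRead`, the helpers `readMap` and `serialize`, and the assumption that the cache map is a `HashMap<String, Long>` are hypothetical. It needs Commons IO 2.5 or later on the classpath.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.serialization.ValidatingObjectInputStream;

public class RestrictedCacheMapRead {

    // Hypothetical helper: reads a serialized map, resolving only allow-listed classes.
    static Map<?, ?> readMap(byte[] data) throws IOException, ClassNotFoundException {
        try (ValidatingObjectInputStream in =
                 new ValidatingObjectInputStream(new ByteArrayInputStream(data))) {
            // Assumed allow-list for a HashMap<String, Long>. Number is listed
            // because the class descriptor of Long's serializable superclass
            // is resolved from the stream as well.
            in.accept(HashMap.class, String.class, Long.class, Number.class);
            return (Map<?, ?>) in.readObject();
        }
    }

    static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(o);
        }
        return bytes.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data, not a real Oak cache file.
        HashMap<String, Long> expected = new HashMap<>();
        expected.put("blob-id-1", 1024L);
        System.out.println("accepted: " + readMap(serialize(expected)));

        // Same container type, but holding a value whose class is not allow-listed.
        HashMap<String, Object> unexpected = new HashMap<>();
        unexpected.put("blob-id-1", new Date(0L));
        try {
            readMap(serialize(unexpected));
            System.out.println("unexpected: stream was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check runs in `resolveClass`, so a class outside the allow-list is refused before it is loaded or instantiated.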

            People

            • Assignee:
              amitjain Amit Jain
              Reporter:
              amitjain Amit Jain
            • Votes:
              0
              Watchers:
              3
