You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2016/03/18 11:25:33 UTC

[jira] [Created] (OFBIZ-6942) Comment out RMI related code because of the Java deserialization issue

Jacques Le Roux created OFBIZ-6942:
--------------------------------------

             Summary: Comment out RMI related code because of the Java deserialization issue
                 Key: OFBIZ-6942
                 URL: https://issues.apache.org/jira/browse/OFBIZ-6942
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: Trunk
            Reporter: Jacques Le Roux
            Assignee: Jacques Le Roux
             Fix For: 14.12.01, 12.04.06, 13.07.03, Upcoming Branch


Because of the danger of Java deserialization when using RMI, we (PMC) have decided to comment out RMI related code. I decided to comment out as less as possible because once the RMI loaders, the RMI dispatcher and the related test services are off there is no RMI related danger left (test services are not a danger but would fail during tests run).  It's then easier for users who need RMI in their projects to have only to uncomment those and not digg everywhere. Because the naming (JNDI) server relies on the rmi loader it will also be commented out.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)