You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Scott Werner (Jira)" <ji...@apache.org> on 2023/02/13 17:36:00 UTC

[jira] [Created] (ARTEMIS-4167) Enhance deserialization filter beyond black/whitelist functionality

Scott Werner created ARTEMIS-4167:
-------------------------------------

             Summary: Enhance deserialization filter beyond black/whitelist functionality
                 Key: ARTEMIS-4167
                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4167
             Project: ActiveMQ Artemis
          Issue Type: New Feature
            Reporter: Scott Werner


Now that Artemis is Java 11+ compatible, there is now the ability to set an ObjectInputFilter on an ObjectInputStream. There are also built in methods to generate filters similar to the current syntax and offers many other features out of the box. A global jvm property (jdk.serialFilter) can be set, but this is quite restrictive. I suggest adding a new serial filter pattern and class name of an ObjectInputFilter implementation, everywhere blacklist/whitelist exist today. In time we can look into converting the existing black/whitelist to the new format or just deprecating as the semantics are a bit different and may not be able to make it 100% compatible.

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)