You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Yoshiyuki Ohtake (JIRA)" <ji...@apache.org> on 2019/07/24 03:21:00 UTC

[jira] [Commented] (COLLECTIONS-721) functors.InvokerTransformer backward incompatibility bug

    [ https://issues.apache.org/jira/browse/COLLECTIONS-721?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16891559#comment-16891559 ] 

Yoshiyuki Ohtake commented on COLLECTIONS-721:
----------------------------------------------

InvokerTransformerクラスからSerializableの実装を外したことが原因です。
JavaDocコメントでは脆弱性対応のためとあります。

> functors.InvokerTransformer backward incompatibility bug
> --------------------------------------------------------
>
>                 Key: COLLECTIONS-721
>                 URL: https://issues.apache.org/jira/browse/COLLECTIONS-721
>             Project: Commons Collections
>          Issue Type: Bug
>    Affects Versions: 4.1, 4.2, 4.3
>            Reporter: xia0c
>            Priority: Major
>              Labels: performance
>
> The following code snippets throw a NotSerializableException. It works well before commons-collections4 4.0 and commons-collection3. When I update it to 4.1 or newer versions, it failed.
> {code:java}
> 	@Test
> 	public void Demo() throws IOException{
> 		InvokerTransformer transformer = new InvokerTransformer("toString", new Class[]{}, new Object[]{});
>         Queue priorityQueue = new PriorityQueue(2, new TransformingComparator(transformer));
>         priorityQueue.add(1);
>         
>         ByteArrayOutputStream bout = new ByteArrayOutputStream();
>         ObjectOutputStream out = new ObjectOutputStream(bout);
>         out.writeObject(priorityQueue);
> 		
> 		}
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)