You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Zixuan Liu (Jira)" <ji...@apache.org> on 2021/08/05 07:23:00 UTC

[jira] [Created] (HBASE-26171) XmlMessageRenderer has the risk of XStream deserialization

Zixuan Liu created HBASE-26171:
----------------------------------

             Summary: XmlMessageRenderer has the risk of XStream deserialization
                 Key: HBASE-26171
                 URL: https://issues.apache.org/jira/browse/HBASE-26171
             Project: HBase
          Issue Type: Improvement
            Reporter: Zixuan Liu


XmlMessageRenderer.getXstream() method:

```
public XStream getXstream() {
 if (xstream == null) {
 xstream = new XStream();
 }
 return xstream;
 }

```
There is a risk of XStream deserialization.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)