You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by fp...@apache.org on 2020/04/10 17:30:30 UTC
[shiro] branch master updated: Deprecate unsecure XMLSerializer
This is an automated email from the ASF dual-hosted git repository.
fpapon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git
The following commit(s) were added to refs/heads/master by this push:
new 9348dd8 Deprecate unsecure XMLSerializer
new 75b6a56 Merge pull request #206 from fpapon/XMLSerializer
9348dd8 is described below
commit 9348dd8f9e8f2d33a475f785c93093d4d73b6102
Author: Francois Papon <fp...@apache.org>
AuthorDate: Fri Apr 10 16:19:46 2020 +0200
Deprecate unsecure XMLSerializer
---
lang/src/main/java/org/apache/shiro/io/XmlSerializer.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java b/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
index 12c2a39..583a8ce 100644
--- a/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
+++ b/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
@@ -32,8 +32,9 @@ import java.io.ByteArrayOutputStream;
* <p/>
* <b>NOTE:</b> The JavaBeans XMLEncoder/XMLDecoder only successfully encode/decode objects when they are
* JavaBeans compatible!
- *
+ *
* @since 0.9
+ * @deprecated This class should not be used directly because of unsecure XMLEncoder/XMLDecoder usage.
*/
public class XmlSerializer implements Serializer {