You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@shiro.apache.org by fp...@apache.org on 2020/04/10 17:30:30 UTC

[shiro] branch master updated: Deprecate unsecure XMLSerializer

This is an automated email from the ASF dual-hosted git repository.

fpapon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git


The following commit(s) were added to refs/heads/master by this push:
     new 9348dd8  Deprecate unsecure XMLSerializer
     new 75b6a56  Merge pull request #206 from fpapon/XMLSerializer
9348dd8 is described below

commit 9348dd8f9e8f2d33a475f785c93093d4d73b6102
Author: Francois Papon <fp...@apache.org>
AuthorDate: Fri Apr 10 16:19:46 2020 +0200

    Deprecate unsecure XMLSerializer
---
 lang/src/main/java/org/apache/shiro/io/XmlSerializer.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java b/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
index 12c2a39..583a8ce 100644
--- a/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
+++ b/lang/src/main/java/org/apache/shiro/io/XmlSerializer.java
@@ -32,8 +32,9 @@ import java.io.ByteArrayOutputStream;
  * <p/>
  * <b>NOTE:</b> The JavaBeans XMLEncoder/XMLDecoder only successfully encode/decode objects when they are
  * JavaBeans compatible!
- * 
+ *
  * @since 0.9
+ * @deprecated This class should not be used directly because of unsecure XMLEncoder/XMLDecoder usage.
  */
 public class XmlSerializer implements Serializer {