You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@brooklyn.apache.org by "Juan Cabrerizo (JIRA)" <ji...@apache.org> on 2019/02/14 12:03:00 UTC
[jira] [Resolved] (BROOKLYN-609) Configure security for XStream
intances
[ https://issues.apache.org/jira/browse/BROOKLYN-609?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Juan Cabrerizo resolved BROOKLYN-609.
-------------------------------------
Resolution: Fixed
Default security has been implemented allowing too any class to be deserialized
{code:java}
XStream.setupDefaultSecurity(xstream);
xstream.allowTypesByWildcard(new String[] {
"**"
});
{code}
> Configure security for XStream intances
> ----------------------------------------
>
> Key: BROOKLYN-609
> URL: https://issues.apache.org/jira/browse/BROOKLYN-609
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Juan Cabrerizo
> Priority: Major
>
> After upgrading XStream from 1.4.8 to 1.4.11.1, the console throws this message:
> `Security framework of XStream not initialized, XStream is probably vulnerable`
> To solve that, the XStream security must be initialized and some set of classes or packages allowed to deserialization must be provided after create new instantiates of XStream
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)