You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@brooklyn.apache.org by "Juan Cabrerizo (JIRA)" <ji...@apache.org> on 2019/02/14 12:03:00 UTC

[jira] [Resolved] (BROOKLYN-609) Configure security for XStream intances

     [ https://issues.apache.org/jira/browse/BROOKLYN-609?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Juan Cabrerizo resolved BROOKLYN-609.
-------------------------------------
    Resolution: Fixed

Default security has been implemented allowing too any class to be deserialized 
{code:java}
XStream.setupDefaultSecurity(xstream);
xstream.allowTypesByWildcard(new String[] {
"**"
});
{code}
 

> Configure security for XStream intances 
> ----------------------------------------
>
>                 Key: BROOKLYN-609
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-609
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Juan Cabrerizo
>            Priority: Major
>
> After upgrading XStream from 1.4.8 to 1.4.11.1, the console throws this message:
> `Security framework of XStream not initialized, XStream is probably vulnerable`
> To solve that, the XStream  security must be initialized and some set of classes or packages allowed to deserialization must be provided after create new instantiates of XStream 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)