dubbo-hessian-lite
dubbo-hessian-lite copied to clipboard
apache
Hessian Lite for Apache Dubbo
``` java.lang.reflect.InaccessibleObjectException: Unable to make field private byte java.lang.StackTraceElement.format accessible: module java.base does not "opens java.lang" to unnamed module @4563e9ab at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:354) at java.base/java.lang.reflect.AccessibleObject.checkCanSetAccessible(AccessibleObject.java:297) at java.base/java.lang.reflect.Field.checkCanSetAccessible(Field.java:178) at java.base/java.lang.reflect.Field.setAccessible(Field.java:172) at com.alibaba.com.caucho.hessian.io.JavaDeserializer.getFieldMap(JavaDeserializer.java:340)...
- [x] I have searched the [issues](https://github.com/apache/dubbo/issues) of this repository and believe that this is not a duplicate. ### Environment * Dubbo version: 3.0.4 * Operating System version: MAC OS...
rpc返回结果用Stream.collect(Collectors.toList())可以正常返回,用Stream.toList()返回会报错 ``` Caused by: java.lang.UnsupportedOperationException: CollectionDeserializer[interface java.util.List] at com.alibaba.com.caucho.hessian.io.AbstractDeserializer.readObject(AbstractDeserializer.java:127) at com.alibaba.com.caucho.hessian.io.Hessian2Input.readObjectInstance(Hessian2Input.java:2848) at com.alibaba.com.caucho.hessian.io.Hessian2Input.readObject(Hessian2Input.java:2175) at com.alibaba.com.caucho.hessian.io.Hessian2Input.readObject(Hessian2Input.java:2104) at com.alibaba.com.caucho.hessian.io.Hessian2Input.readObject(Hessian2Input.java:2148) at com.alibaba.com.caucho.hessian.io.JavaDeserializer$ObjectListFieldDeserializer.deserialize(JavaDeserializer.java:528) ```
- [x] I have searched the [issues](https://github.com/apache/dubbo/issues) of this repository and believe that this is not a duplicate. ### Environment * Dubbo version: 2.7.9 * Operating System version: linux *...
Support deserialization of nested generics (Byte/Short), such as `List` and `List`.
## 现象 一般会出现两种情况的异常信息: 1. 堆栈中存在索引越界异常, 导致属性无法正常赋值 ```text com.alibaba.com.caucho.hessian.io.HessianFieldException: xxxxx.XXXDTO.xxxField: xxxxx.CorrectType cannot be assigned from null Caused by: java.lang.IndexOutOfBoundsException: Index: 16, Size: 15 ``` 2. 尝试将一个错误的类型赋值到属性上导致赋值失败 ```text com.alibaba.com.caucho.hessian.io.HessianFieldException: xxxxx.XXXDTO.xxxField: xxxxx.WrongType cannot...
I have upgraded the latest version. How to verify whether the cve-2022-39198 deserialization vulnerability still exists
Because `java.util.Map` and `java.util.Set` do not implement the Serializable interface, but https://github.com/apache/dubbo-hessian-lite/commit/99d689cf47c00b664db89bc8dff44dcd595b6ea6 imposes strict restrictions.
this class: com.alibaba.com.caucho.hessian.io.CollectionDeserializer.class CollectionDeserializer.readLengthList.createList() **you can put a length param into this createList method and initialize the collection with length so that the collection will not resize** it will avoid...
