api-layer

JDK serialization filtering

Open achmelo opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe.

Serialization is one of the biggest security problems in many programming languages; it isn’t just a JVM problem. Hackers can use tools designed to deliver a serialization exploit chain.

Describe the solution you'd like

The solution came in Java 9 in the form of serialization filtering as part of JEP 290. There are critical patch updates for older JDKs such as JDK 8u121. Serialization filtering requires no code changes and we can enable it via global configuration or command line.

https://foojay.io/today/java-serialization-filtering-prevent-0-day-security-vulnerabilities/

achmelo, Mar 13 '23 10:03
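An added example, not part of the issue or of the api-layer code base: a JEP 290 allow-list filter applied to one stream on Java 9 or later, showing a listed class accepted and an unlisted one rejected. The class names and the pattern are constructed for the demo; the same pattern string can be supplied process-wide with `-Djdk.serialFilter=<pattern>`, which is the no-code-change route the issue refers to.

```java
import java.io.*;

public class SerialFilterDemo {
    // Constructed allow-list: two named classes, a depth limit, then "!*" to reject
    // everything else. Without "!*", unmatched classes are UNDECIDED and still allowed.
    // The same string works unchanged as -Djdk.serialFilter=<pattern> (global filter).
    static final String PATTERN =
        "maxdepth=5;SerialFilterDemo$Allowed;java.lang.String;!*";

    // Hypothetical application types, defined here only for the demo.
    static class Allowed implements Serializable {
        private static final long serialVersionUID = 1L;
        String name = "expected payload";
    }
    static class Unlisted implements Serializable {
        private static final long serialVersionUID = 1L;
        String name = "not on the allow-list";
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Deserialize with the filter installed on this one stream.
    static String tryRead(byte[] data) {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(PATTERN));
            return "accepted: " + in.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            // Thrown before the rejected class is instantiated.
            return "rejected: " + e.getMessage();
        } catch (IOException | ClassNotFoundException e) {
            return "error: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println(tryRead(serialize(new Allowed())));
        System.out.println(tryRead(serialize(new Unlisted())));
    }
}
```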

#2891

achmelo, Jun 19 '23 12:06