Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ORG] RU-MAKEAPP: Prevent Java deserialization of internal classes (#1991) #3

Merged
merged 1 commit into from
Oct 14, 2021

Conversation

sakibguy
Copy link
Owner

Adversaries might be able to forge data which can be abused for DoS attacks.
These classes are already writing a replacement JDK object during serialization
for a long time, so this change should not cause any issues.

Adversaries might be able to forge data which can be abused for DoS attacks.
These classes are already writing a replacement JDK object during serialization
for a long time, so this change should not cause any issues.
@sakibguy sakibguy added the documentation Improvements or additions to documentation label Oct 14, 2021
@sakibguy sakibguy self-assigned this Oct 14, 2021
@sakibguy sakibguy merged commit 2847fda into sakibguy:master Oct 14, 2021
@sakibguy sakibguy changed the title Prevent Java deserialization of internal classes (#1991) RU-MAKEAPP: Prevent Java deserialization of internal classes (#1991) Dec 31, 2022
@sakibguy sakibguy changed the title RU-MAKEAPP: Prevent Java deserialization of internal classes (#1991) [ORG] RU-MAKEAPP: Prevent Java deserialization of internal classes (#1991) Mar 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants