You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to be able to extend the TRUSTED_CLASS_NAMES without having to copy&paste the entire Jackson2ExecutionContextStringSerializer.
I can see that you had to fix a security vuln in #3732, but it broke (de)serialization in a lot of apps. I have no problem adding the annotations to my classes, but I have no idea how to allow java.util.UUID.
I suggest that you introduce a mechanism, that would allow me to extend the list of trusted classes in case there is a JDK/library class I cannot modify.
Also it's really hard to override the serializer and I had to extend a bunch of configuration and bean factory classes to accomplish it.
awesomekosm, snussbaumer, MinJunKweon, ferrancugat and gary-x-li