issues
search
kantega
/
notsoserial
Java Agent which mitigates deserialisation attacks by making certain classes unserializable
Apache License 2.0
185
stars
33
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Rename Whitelist/Blacklist
#35
jlafanatic
opened
4 years ago
0
Is there a Java 11 compatible version for notsoserial?
#34
Shanky2304
opened
5 years ago
3
agent library failed to init: instrument Error
#33
oferbar
opened
6 years ago
0
Fixed a typo in blacklist parsing, clarified variable names
#32
drosenbauer
opened
8 years ago
1
Blacklisting only does not work
#31
drosenbauer
opened
8 years ago
1
Property 'notsoserial.useDefaultBlacklist' for disabling default blacklist
#30
bjorndarri
opened
8 years ago
0
Deserialization not allowed for class jdk.nashorn.internal.ir.FunctionNode
#29
ghost
closed
8 years ago
3
Added support for jboss marshalling (version 1.2 upwards)
#28
RonaldSpierenburg
closed
8 years ago
5
Adding two more classes to the default blacklist, adding extension points for dynamic configuraiton
#27
cgoudie
opened
8 years ago
2
com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl in blacklist
#26
cgoudie
opened
8 years ago
0
Add more classes to blacklist.
#25
wsargent
closed
8 years ago
0
Factor out filewriter logic
#24
wsargent
closed
8 years ago
0
Fix some typos, add more classes
#23
wsargent
closed
8 years ago
0
Wrong/missing blacklist entries
#22
mbechler
opened
8 years ago
0
Feature/issue 18 display travis status
#21
anderius
closed
8 years ago
1
Testing command line start of agent on Windows
#20
eirbjo
closed
8 years ago
2
CustomNotSoSerialIT failing on Windows
#19
anderius
closed
8 years ago
1
Add CI for different platforms
#18
anderius
closed
8 years ago
3
CustomNotSoSerialIT failing on Windows
#17
anderius
closed
8 years ago
4
Pluggable logging / eventing
#16
cgoudie
opened
8 years ago
0
Pluggable whitelist/blacklist
#15
cgoudie
opened
8 years ago
1
Ability to change white/blacklists at runtime?
#14
cgoudie
opened
8 years ago
1
License compliance
#13
eirbjo
closed
8 years ago
0
Created jar doesn't contain the apache license and doesn't contain the asm license
#12
cgoudie
closed
8 years ago
4
Blacklist java.net.URL
#11
thomasmueller
opened
8 years ago
0
Instrument ObjectInputStream.resolveClass instead of each Serializable class
#10
eirbjo
closed
9 years ago
13
static initializers will still be executed
#9
cgoudie
closed
9 years ago
5
blacklisting of packages
#8
cgoudie
closed
9 years ago
0
Name and logo
#7
alexkli
closed
9 years ago
1
test case WithWhitelistIT.emptyWhitelistShouldPreventAttack fails on first run
#6
peterrosell
closed
9 years ago
0
If there is a whitelist, and the class is not whitelisted, could it check to see if it is serialzable before it instruments it?
#5
cgoudie
closed
9 years ago
3
Whitelists with wildcards
#4
cgoudie
closed
9 years ago
1
Allow for builld with Java 1.7
#3
mdobrovnik
closed
9 years ago
1
Remove zero-width space unicode characters
#2
jkaving
closed
9 years ago
1
License not available
#1
zabil
closed
9 years ago
2