Closed qxyuan853 closed 5 months ago
I would suggest that more flexible configuration of deserialization security checks could be added in the future to allow users to adjust specific defense strategies according to their needs. For example, to further improve the blacklist, or to change the AllowListChecker.CheckLevel
(to set different levels of stringency) according to business needs.
Added some disabled classes for enhanced protection.