opensolon / solon

🔥 Java "new" application development Framework: Restrained, concise, EFFICIENT, OPEN, ECOLOGICAL!! 300% higher concurrency 50% memory savings Startup is 10 times faster. Packing 90% smaller; Compatible with java8 ~ java22.
https://solon.noear.org
Apache License 2.0
2.22k stars 221 forks

Added some disabled classes for enhanced protection. #254

Closed qxyuan853 closed 5 months ago

qxyuan853 commented 5 months ago

Added some disabled classes for enhanced protection.

qxyuan853 commented 5 months ago

I would suggest that more flexible configuration of deserialization security checks could be added in the future to allow users to adjust specific defense strategies according to their needs. For example, to further improve the blacklist, or to change the AllowListChecker.CheckLevel (to set different levels of stringency) according to business needs.
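
The configurable check suggested in the comment above, as an added example that is not part of this pull request or of Solon's code: a deny list that always applies, plus an allow list whose stringency is set by a level. The names `CheckedInput`, `Level`, `DENIED` and `ALLOWED` are hypothetical, the class is built on the JDK's own `ObjectInputStream`, and `java.util.Date` is only a constructed stand-in for a disabled class.

```java
import java.io.*;
import java.util.*;
// Hypothetical names; not the API of Solon or of any serialization library.
public class CheckedInput extends ObjectInputStream {
    public enum Level { DISABLE, WARN, STRICT }
    // Constructed sample lists: java.util.Date stands in for a disabled class.
    static final Set<String> DENIED = new HashSet<>(Arrays.asList("java.util.Date"));
    static final Set<String> ALLOWED = new HashSet<>(Arrays.asList("java.util.ArrayList"));
    private final Level level;

    public CheckedInput(InputStream in, Level level) throws IOException {
        super(in);
        this.level = level;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        // Checked before super.resolveClass loads the class, so a rejected type is never instantiated.
        if (DENIED.contains(name)) { // the deny list applies at every level
            throw new InvalidClassException(name, "on the deny list");
        }
        if (level != Level.DISABLE && !ALLOWED.contains(name)) {
            if (level == Level.STRICT) {
                throw new InvalidClassException(name, "not on the allow list");
            }
            System.err.println("WARN: unlisted class " + name);
        }
        return super.resolveClass(desc);
    }

    static byte[] write(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        // Constructed payloads: one with an unlisted class (Integer), one with a denied class (Date).
        byte[] plain = write(new ArrayList<Object>(Arrays.asList("a", 42)));
        byte[] bad = write(new ArrayList<Object>(Arrays.asList(new Date(0L))));
        for (Level level : Level.values()) {
            for (byte[] data : Arrays.asList(plain, bad)) {
                try (CheckedInput in = new CheckedInput(new ByteArrayInputStream(data), level)) {
                    System.out.println(level + " accepted " + in.readObject());
                } catch (InvalidClassException e) {
                    System.out.println(level + " rejected " + e.getMessage());
                }
            }
        }
    }
}
```

Dynamic proxy classes are resolved through `resolveProxyClass`, which this example does not override.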