sofastack / sofa-rpc

SOFARPC is a high-performance, high-extensibility, production-level Java RPC framework.
https://www.sofastack.tech/sofa-rpc/docs/Home
Apache License 2.0
3.81k stars 1.16k forks

Warning at project startup: WARN | | io.fury.config.FuryBuilder | Class registration isn't forced, unknown classes can be deserialized. If the environment isn't secure, please enable class registration by `FuryBuilder#requireClassRegistration(true)` or configure ClassChecker by `ClassResolver#setClassChecker` #1408

Closed LiJinYu2024 closed 1 week ago

LiJinYu2024 commented 3 months ago

Your question

Warning at project startup: WARN | | io.fury.config.FuryBuilder | Class registration isn't forced, unknown classes can be deserialized. If the environment isn't secure, please enable class registration by FuryBuilder#requireClassRegistration(true) or configure ClassChecker by ClassResolver#setClassChecker

Your scenes

This message appeared after updating the sofarpc version.

Your advice

Windows 11 development environment

Environment

pandalee99 commented 2 months ago

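The new version of sofa has a new serializer, fury, and this is its configuration. It means that when you use fury, it is recommended to configure the blacklist/whitelist feature, to prevent unsafe classes from being serialized/deserialized.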
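
The two mitigations the warning names, shown on a standalone Fury instance. This is an added example, not part of the comment above and not SOFARPC's own code. It assumes the `io.fury` package layout of the Fury release that logs this warning; `Order` and `Unexpected` are constructed sample classes, and how SOFARPC wires its internal Fury instance is not shown on this page.

```java
import io.fury.Fury;
import io.fury.config.Language;

public class FuryRegistrationDemo {
    // Constructed sample types: Order is expected on the wire, Unexpected is not.
    public static class Order { public String id = "A-1"; public int qty = 2; }
    public static class Unexpected { public String note = "never registered"; }

    // Returns true if this Fury instance is willing to serialize the object,
    // false if its class policy rejects it with a runtime exception.
    static boolean accepts(Fury fury, Object value) {
        try {
            fury.serialize(value);
            return true;
        } catch (RuntimeException e) {
            System.out.println("  rejected " + value.getClass().getName()
                + ": " + e.getClass().getSimpleName());
            return false;
        }
    }

    public static void main(String[] args) {
        // Mitigation 1: FuryBuilder#requireClassRegistration(true).
        // Only classes registered up front may be (de)serialized.
        Fury strict = Fury.builder()
            .withLanguage(Language.JAVA)
            .requireClassRegistration(true)
            .build();
        strict.register(Order.class);
        Order copy = (Order) strict.deserialize(strict.serialize(new Order()));
        System.out.println("strict: round trip of Order gives id=" + copy.id);
        System.out.println("strict: Unexpected accepted? "
            + accepts(strict, new Unexpected()));

        // Mitigation 2: registration stays optional (this build logs the warning
        // from the issue), but ClassResolver#setClassChecker vets every
        // unregistered class name against an allow-list.
        final String allowed = Order.class.getName();
        Fury checked = Fury.builder()
            .withLanguage(Language.JAVA)
            .requireClassRegistration(false)
            .build();
        checked.getClassResolver().setClassChecker(
            (resolver, className) -> className.equals(allowed));
        System.out.println("checked: Order accepted? "
            + accepts(checked, new Order()));
        System.out.println("checked: Unexpected accepted? "
            + accepts(checked, new Unexpected()));
    }
}
```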

OrezzerO commented 2 months ago

From a compatibility perspective:

Whether the new version of SofaRpc defaults to using the Fury serializer. If it does, this should be prominently highlighted in the release notes (and I believe it shouldn't be the default without a change in major version).

If SofaRpc does not default to using the Fury serializer, then this warning should not be reported.

stale[bot] commented 2 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.