Is your feature request related to a problem? Please describe.
Serialization is one of the biggest security problems in many programming languages; it isn’t just a JVM problem. Hackers can use tools designed to deliver a serialization exploit chain.
Describe the solution you'd like
The solution came in Java 9 in the form of serialization filtering as part of JEP 290. There are critical patch updates for older JDKs such as JDK 8u121.
Serialization filtering requires no code changes and we can enable it via global configuration or command line.
https://foojay.io/today/java-serialization-filtering-prevent-0-day-security-vulnerabilities/
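To illustrate the filtering the request refers to, here is an added example (not code from this issue or the linked article) that parses a JEP 290 pattern with the JDK's own `ObjectInputFilter.Config.createFilter` and applies it to two streams. The pattern string and the choice of `ArrayList` and `HashMap` are constructed for the demo; it needs Java 9 or later.

```java
import java.io.*;
import java.util.*;

public class SerialFilterDemo {
    // Constructed allow-list in jdk.serialFilter pattern syntax: resource limits,
    // then allowed classes/packages, then "!*" to reject everything else.
    // The same string can be supplied with no code changes as
    //   java -Djdk.serialFilter='<pattern>' -jar app.jar
    // or as jdk.serialFilter=<pattern> in the JDK's java.security file
    // (conf/security/java.security on JDK 9+).
    static final String PATTERN =
        "maxdepth=5;maxrefs=100;maxbytes=4096;java.util.ArrayList;java.lang.*;!*";

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    // Deserializes with the filter attached and returns a short verdict string.
    static String tryRead(byte[] data, ObjectInputFilter filter) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter);
            return "ALLOWED  " + in.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            // Raised when the class descriptor is read, before the class is instantiated.
            return "REJECTED " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Same pattern parser the JVM uses for the jdk.serialFilter property.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(PATTERN);

        byte[] allowed = serialize(new ArrayList<>(List.of("a", "b")));
        // HashMap stands in for any class that is not on the allow-list.
        byte[] blocked = serialize(new HashMap<>(Map.of("k", "v")));

        System.out.println(tryRead(allowed, filter));
        System.out.println(tryRead(blocked, filter));
    }
}
```

Without the trailing `!*`, classes that match no pattern are left undecided and are still deserialized, so the allow-list only takes effect when the pattern ends with an explicit reject-all.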