Return-Path: X-Original-To: apmail-commons-dev-archive@www.apache.org Delivered-To: apmail-commons-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A6E1C1811B for ; Wed, 18 Nov 2015 21:58:58 +0000 (UTC) Received: (qmail 29329 invoked by uid 500); 18 Nov 2015 21:58:58 -0000 Delivered-To: apmail-commons-dev-archive@commons.apache.org Received: (qmail 29177 invoked by uid 500); 18 Nov 2015 21:58:58 -0000 Mailing-List: contact dev-help@commons.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Commons Developers List" Delivered-To: mailing list dev@commons.apache.org Received: (qmail 29164 invoked by uid 99); 18 Nov 2015 21:58:58 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Nov 2015 21:58:58 +0000 Received: from mail-wm0-f54.google.com (mail-wm0-f54.google.com [74.125.82.54]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id A9BCC1A0288 for ; Wed, 18 Nov 2015 21:58:57 +0000 (UTC) Received: by wmvv187 with SMTP id v187so299989026wmv.1 for ; Wed, 18 Nov 2015 13:58:56 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.194.249.69 with SMTP id ys5mr4119435wjc.97.1447883936324; Wed, 18 Nov 2015 13:58:56 -0800 (PST) Received: by 10.27.186.138 with HTTP; Wed, 18 Nov 2015 13:58:56 -0800 (PST) Date: Wed, 18 Nov 2015 16:58:56 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: =?UTF-8?Q?Eirik_Bj=C3=B8rsn=C3=B8s=27_notsoserial_deserialization_protec?= =?UTF-8?Q?tion_agent=2C_for_Commons=3F?= From: Bertrand Delacretaz To: Commons Developers List Cc: =?UTF-8?B?RWlyaWsgQmrDuHJzbsO4cw==?= Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Commons PMC, I'd like to introduce Eirik Bj=C3=B8rsn=C3=B8s to this list (CCed) as the a= uthor of the https://github.com/kantega/notsoserial agent. I tested his agent in a variety of scenarios and it looks to me like a great solution for the COLLECTIONS-580 deserialization issue, for cases when one cannot modify their source code to use something like IO-487. I think this code would be a great addition to commons, probably as new mod= ule. Eirik says he's open to donating his code if you the Commons PMC is interested, what do you guys think? Not that he did mention his tool here before [1] but it has since changed n= ame. -Bertrand [1] http://mail-archives.apache.org/mod_mbox/commons-dev/201511.mbox/%3CCA+= pBWhsQK6trGh9TtA7=3DMCs-Z0-7SRBndWo_D6awFtRku3J1+g@mail.gmail.com%3E --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org For additional commands, e-mail: dev-help@commons.apache.org