lucene-commits mailing list archives

From dwe...@apache.org
Subject [lucene-solr] 02/02: Merge forbidden APIs rules.
Date Tue, 17 Dec 2019 12:39:22 GMT
This is an automated email from the ASF dual-hosted git repository.

dweiss pushed a commit to branch gradle-master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git

commit 8906c2ddbe2f22887eb3dcbddd7976d8637bfd40
Author: Dawid Weiss <dweiss@apache.org>
AuthorDate: Tue Dec 17 13:39:10 2019 +0100

    Merge forbidden APIs rules.
---
 gradle/validation/forbidden-apis/defaults.all.txt | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/gradle/validation/forbidden-apis/defaults.all.txt b/gradle/validation/forbidden-apis/defaults.all.txt
index 0a81d03..1e9a706 100644
--- a/gradle/validation/forbidden-apis/defaults.all.txt
+++ b/gradle/validation/forbidden-apis/defaults.all.txt
@@ -58,3 +58,7 @@ java.lang.Float#<init>(double)
 java.lang.Float#<init>(java.lang.String)
 java.lang.Double#<init>(double)
 java.lang.Double#<init>(java.lang.String)
+
+@defaultMessage Java deserialization is unsafe when the data is untrusted. The java developer
is powerless: no checks or casts help, exploitation can happen in places such as clinit or
finalize!
+java.io.ObjectInputStream
+java.io.ObjectOutputStream
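Review bot: the new @defaultMessage explains only why deserializing untrusted data is unsafe, yet it also applies to java.io.ObjectOutputStream, which is the writing side. A developer who trips the ObjectOutputStream rule gets a message that does not say why serializing is forbidden. Either reword the message to cover Java serialization as a whole, or give ObjectOutputStream its own @defaultMessage stating the reason it is banned. Minor: "The java developer" should read "The Java developer".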

