3 Replies Latest reply on Jan 4, 2018 8:41 AM by gir489

    How to filter incoming serialization data

    Roland Meuel Newbie

      Is there any way to employ some sort of whitelisting/blacklisting of classes incoming as serialization data, like JEP 290: Filter Incoming Serialization Data provides? Since CVE-2015-4852 (Java Deserialization Vulnerability), this kind of filtering is required in some cases. Unfortunately, JEP 290 isn't working with WildFly 8 and later because of modular class loading and the WildFly-specific unmarshalling implementation.