Comment: With OFBIZ-12167 adds a deny list

...

Because of OFBIZ-10837, we needed to fix another issue related to the ObjectInputStream class. If you encounter a related issue (object not in the allow list), you must provide a complete list of objects to pass to ObjectInputStream through the ListOfSafeObjectsForInputStream property in the SafeObjectInputStream.properties file. As an example, a complete list of objects used by OFBiz OOTB is there by default. You will need to add your objects/classes to this list. With OFBIZ-12167 we have introduced a way to also put objects in a deny list.
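
The general technique behind an allow list and a deny list for ObjectInputStream, as an added example that is not OFBiz's own code: the stream checks every class descriptor in `resolveClass` before any object of that class is instantiated. The class name `AllowListObjectInputStream`, the list contents and the sample objects are assumptions constructed for illustration and do not reflect the format of SafeObjectInputStream.properties.

```java
import java.io.*;
import java.util.*;

// Illustrative look-ahead stream (hypothetical class, not part of OFBiz).
public class AllowListObjectInputStream extends ObjectInputStream {
    private final List<String> allow; // regular expressions matched against class names
    private final Set<String> deny;   // exact class names that are always refused

    public AllowListObjectInputStream(InputStream in, List<String> allow, Set<String> deny)
            throws IOException {
        super(in);
        this.allow = allow;
        this.deny = deny;
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc)
            throws IOException, ClassNotFoundException {
        String name = desc.getName();
        // The deny list is checked first so it overrides a broad allow pattern.
        if (deny.contains(name)) {
            throw new InvalidClassException(name, "class is on the deny list");
        }
        if (allow.stream().noneMatch(name::matches)) {
            throw new InvalidClassException(name, "class is not on the allow list");
        }
        return super.resolveClass(desc);
    }

    public static void main(String[] args) throws Exception {
        // Constructed lists: everything under java.util and java.lang, minus one class.
        List<String> allow = List.of("java\\.util\\..*", "java\\.lang\\..*");
        Set<String> deny = Set.of("java.util.Date");
        // Constructed inputs: allowed, not on the allow list, allowed by pattern but denied.
        Object[] samples = { new ArrayList<>(List.of("a", "b")), new File("x"), new Date() };
        for (Object sample : samples) {
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
                out.writeObject(sample);
            }
            try (ObjectInputStream in = new AllowListObjectInputStream(
                    new ByteArrayInputStream(buf.toByteArray()), allow, deny)) {
                System.out.println("accepted: " + in.readObject().getClass().getName());
            } catch (InvalidClassException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Rejection happens while the class descriptor is being resolved, so no constructor or `readObject` method of a refused class runs.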


OWASP article (with good references at bottom)

...