Using the agent in (and only in) whitelist mode is a pretty strong and quick security measure. Calling this a "great solution" still goes against my inner developer soul though. It's pragmatic and a good tool - that I am on board with. (Cool stuff, Eirik) Yet it feels a bit like putting a thumb into a hole to stop the water. People need to re-think their use of reflection and serialization - not cover up bad engineering practices.
Would I want to see this at commons? Not sure. Releases are probably much quicker when it's not anyway :-p Would I love to see e.g. findbugs help find vulnerabilities like that? Definitely!

Just my 2 cents

Torsten