Set the management.properties "com.sun.management.jmxremote.serial.filter.pattern" value by default, to restrict types that can be deserialized.
Use the example value from the Core Libraries guide (see section 2. Serialization Filtering / Built-in Filters / Filters for JMX), plus Subject which is needed when using authentication. The sun/management tests run OK with this change. The existing test sun/management/jmxremote/startstop/JMXStartStopTest.java will fail if the filter specified is made too restrictive. ------------- Commit messages: - 8283093: JMX connections should default to using an ObjectInputFilter Changes: https://git.openjdk.org/jdk/pull/10507/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=10507&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8283093 Stats: 2 lines in 1 file changed: 2 ins; 0 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/10507.diff Fetch: git fetch https://git.openjdk.org/jdk pull/10507/head:pull/10507 PR: https://git.openjdk.org/jdk/pull/10507
