On Fri, 30 Sep 2022 11:00:28 GMT, Kevin Walls <kev...@openjdk.org> wrote:
> Set the management.properties > "com.sun.management.jmxremote.serial.filter.pattern" value by default, to > restrict types that can be deserialized. > > Use the example value from the Core Libraries guide (see section 2. > Serialization Filtering / Built-in Filters / Filters for JMX), plus Subject > which is needed when using authentication. > > The sun/management tests run OK with this change. The existing test > sun/management/jmxremote/startstop/JMXStartStopTest.java will fail if the > filter specified is made too restrictive. This pull request has now been integrated. Changeset: 628820f4 Author: Kevin Walls <kev...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/628820f47ef9c9ad3cc62e68db9c4dbc7e659154 Stats: 48 lines in 2 files changed: 36 ins; 1 del; 11 mod 8283093: JMX connections should default to using an ObjectInputFilter Reviewed-by: dfuchs, sspitsyn ------------- PR: https://git.openjdk.org/jdk/pull/10507
