Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47736

JEP-200: Switch Remoting/XStream blacklist to a whitelist

    Details

    • Epic Name:
      JEP-200: Switch Remoting/XStream blacklist to a whitelist
    • Similar Issues:

      Description

      Currently Remoting and XStream2 share a blacklist of classes thought to be dangerous to deserialize, due to historically reported remote code execution attacks. We should instead switch to a whitelist, plus some categorical exemptions.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: