RFR 8197595: Serialization javadoc should link to security best practices

Roger Riggs Roger.Riggs at Oracle.com
Fri Mar 23 14:12:59 UTC 2018


Please review adding a warning and a link to the Secure Coding Guidelines
and the new Serial Filter guide[2] included in the JDK 10 docs.
The warnings are added to Serializable, ObjectInputStream, 
ObjectInputFilter and
the java.io package summary.

webrev:
http://cr.openjdk.java.net/~rriggs/webrev-serialwarn-8197595/index.html

javadoc:
http://cr.openjdk.java.net/~rriggs/serialwarn/api/java.base/java/io/package-summary.html

Thanks, Roger

[2] 
https://docs.oracle.com/javase/10/core/serialization-filtering1.htm#JSCOR-GUID-3ECB288D-E5BD-4412-892F-E9BB11D4C98A




More information about the core-libs-dev mailing list