RFR 8197595: Serialization javadoc should link to security best practices
Roger Riggs
Roger.Riggs at Oracle.com
Wed Mar 28 17:27:42 UTC 2018
Hi,
Updated with editorial suggestions.
webrev:
http://cr.openjdk.java.net/~rriggs/webrev-serialwarn-8197595/index.html
<http://cr.openjdk.java.net/%7Erriggs/webrev-serialwarn-8197595/index.html>
javadoc:
http://cr.openjdk.java.net/~rriggs/serialwarn/api/java.base/java/io/package-summary.html
Thanks for the reviews, Roger
On 3/23/2018 12:57 PM, Lance Andersen wrote:
> Looks good to me also Roger with Sean’s suggestions :-)
>
>> On Mar 23, 2018, at 10:12 AM, Roger Riggs <Roger.Riggs at oracle.com
>> <mailto:Roger.Riggs at oracle.com>> wrote:
>>
>> Please review adding a warning and a link to the Secure Coding Guidelines
>> and the new Serial Filter guide[2] included in the JDK 10 docs.
>> The warnings are added to Serializable, ObjectInputStream,
>> ObjectInputFilter and
>> the java.io <http://java.io> package summary.
>>
>> webrev:
>> http://cr.openjdk.java.net/~rriggs/webrev-serialwarn-8197595/index.html
>> <http://cr.openjdk.java.net/%7Erriggs/webrev-serialwarn-8197595/index.html>
>>
>> javadoc:
>> http://cr.openjdk.java.net/~rriggs/serialwarn/api/java.base/java/io/package-summary.html
>>
>> Thanks, Roger
>>
>> [2]
>> https://docs.oracle.com/javase/10/core/serialization-filtering1.htm#JSCOR-GUID-3ECB288D-E5BD-4412-892F-E9BB11D4C98A
>>
>>
>
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
> <http://oracle.com/us/design/oracle-email-sig-198324.gif><http://oracle.com/us/design/oracle-email-sig-198324.gif>
> <http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance
> Andersen| Principal Member of Technical Staff | +1.781.442.2037
> Oracle Java Engineering
> 1 Network Drive
> Burlington, MA 01803
> Lance.Andersen at oracle.com <mailto:Lance.Andersen at oracle.com>
>
>
>
More information about the core-libs-dev
mailing list