RFR 8197595: Serialization javadoc should link to security best practices
Lance Andersen
lance.andersen at oracle.com
Wed Mar 28 18:13:13 UTC 2018
Hi Roger,
Looks good to go to me!
Best
Lance
> On Mar 28, 2018, at 1:27 PM, Roger Riggs <Roger.Riggs at Oracle.com> wrote:
>
> Hi,
>
> Updated with editorial suggestions.
>
> webrev:
> http://cr.openjdk.java.net/~rriggs/webrev-serialwarn-8197595/index.html <http://cr.openjdk.java.net/%7Erriggs/webrev-serialwarn-8197595/index.html>
>
> javadoc:
> http://cr.openjdk.java.net/~rriggs/serialwarn/api/java.base/java/io/package-summary.html <http://cr.openjdk.java.net/~rriggs/serialwarn/api/java.base/java/io/package-summary.html>
>
> Thanks for the reviews, Roger
>
> On 3/23/2018 12:57 PM, Lance Andersen wrote:
>> Looks good to me also Roger with Sean’s suggestions :-)
>>
>>> On Mar 23, 2018, at 10:12 AM, Roger Riggs <Roger.Riggs at oracle.com <mailto:Roger.Riggs at oracle.com>> wrote:
>>>
>>> Please review adding a warning and a link to the Secure Coding Guidelines
>>> and the new Serial Filter guide[2] included in the JDK 10 docs.
>>> The warnings are added to Serializable, ObjectInputStream, ObjectInputFilter and
>>> the java.io <http://java.io/> package summary.
>>>
>>> webrev:
>>> http://cr.openjdk.java.net/~rriggs/webrev-serialwarn-8197595/index.html <http://cr.openjdk.java.net/%7Erriggs/webrev-serialwarn-8197595/index.html>
>>>
>>> javadoc:
>>> http://cr.openjdk.java.net/~rriggs/serialwarn/api/java.base/java/io/package-summary.html <http://cr.openjdk.java.net/~rriggs/serialwarn/api/java.base/java/io/package-summary.html>
>>>
>>> Thanks, Roger
>>>
>>> [2] https://docs.oracle.com/javase/10/core/serialization-filtering1.htm#JSCOR-GUID-3ECB288D-E5BD-4412-892F-E9BB11D4C98A <https://docs.oracle.com/javase/10/core/serialization-filtering1.htm#JSCOR-GUID-3ECB288D-E5BD-4412-892F-E9BB11D4C98A>
>>>
>>>
>>
>> <oracle_sig_logo.gif> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
>> <http://oracle.com/us/design/oracle-email-sig-198324.gif> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
>> <http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037
>> Oracle Java Engineering
>> 1 Network Drive
>> Burlington, MA 01803
>> Lance.Andersen at oracle.com <mailto:Lance.Andersen at oracle.com>
>>
>>
>>
>
<http://oracle.com/us/design/oracle-email-sig-198324.gif>
<http://oracle.com/us/design/oracle-email-sig-198324.gif> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
<http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037
Oracle Java Engineering
1 Network Drive
Burlington, MA 01803
Lance.Andersen at oracle.com <mailto:Lance.Andersen at oracle.com>
More information about the core-libs-dev
mailing list