RFR: 8264859: Implement Context-Specific Deserialization Filters [v3]
Roger Riggs
rriggs at openjdk.java.net
Fri May 21 17:16:59 UTC 2021
On Fri, 21 May 2021 15:58:15 GMT, Chris Hegarty <chegar at openjdk.org> wrote:
>> Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Simplify factory interface to BinaryOperator<ObjectInputFilter> and cleanup the example
>
> src/java.base/share/classes/java/io/ObjectInputFilter.java line 56:
>
>> 54: * </strong></p>
>> 55: *
>> 56: * <p>To protect the JVM against deserialization vulnerabilities, application developers
>
> I would personally drop "the JVM", leaving "To protect against deserialization ..", since the protection is applicable to more than the JVM (applications, libraries, etc.).
There's a terminology push and pull about what to call everything in the Java runtime.
Some use the term system, a few use JVM, etc. The terminology here came from the JEP.
In this context it is unnecessary.
-------------
PR: https://git.openjdk.java.net/jdk/pull/3996