JEP 411, removal of finalizers, a path forward.

Michael Bien mbien42 at gmail.com
Sun Aug 1 16:58:42 UTC 2021


On 01.08.21 18:35, Michael Bien wrote:
> On 01.08.21 16:28, Uwe Schindler wrote:
>> The problem is: you deprecate for removal without offering any API to 
>> replace the main pain points:
>> ...
>> - Disable damn java serialization completely
>
> JDK 9+ JVM flag / security property, see JEP 290
>
> -Djdk.serialFilter=!*
>
> regards,
>
> michael
>
(for deserialization only)

-michael



More information about the security-dev mailing list