RFR: 8261160: Add a deserialization JFR event
Chris Hegarty
chegar at openjdk.java.net
Wed Feb 10 16:09:42 UTC 2021
On Tue, 9 Feb 2021 12:35:27 GMT, Chris Hegarty <chegar at openjdk.org> wrote:
> This issue adds a new event to improve diagnostic information of Java deserialization. The event captures the details of deserialization activity from ObjectInputStream. The event details are similar to that of the serial filter, but is agnostic of whether a filter is installed or not. The event also captures the filter status, if there is one.
The logging in ObjectInputStream remains conditional on whether a filter is installed, which that seems reasonable since the logging is filter specific, while the JRF event is not (but both carry effectively the same information).
The new jdk.Deserialization event uses a String to carry the filterStatus value. The value could be represented by its enum ordinal, but then the tool consuming the event would need to map that back to its string value to be meaningful.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2479
More information about the security-dev
mailing list