JEP-200: Switch Remoting/XStream blacklist to a whitelist

Currently Remoting and XStream2 share a blacklist of classes thought to be dangerous to deserialize, due to historically reported remote code execution attacks. We should instead switch to a whitelist, plus some categorical exemptions.

          [JENKINS-47736] JEP-200: Switch Remoting/XStream blacklist to a whitelist

          Jesse Glick created issue -
          Jesse Glick made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "remoting PR 208 (Web Link)" [ 17952 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "jenkins-test-harness PR 81 (Web Link)" [ 17953 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "core PR 3120 (Web Link)" [ 17954 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "dockerhub-notification PR 16 (Web Link)" [ 17955 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "Draft JEP (Web Link)" [ 17956 ]
          Jesse Glick made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Jesse Glick made changes -
          Remote Link Original: This issue links to "Draft JEP (Web Link)" [ 17956 ]
          Jesse Glick made changes -
          Remote Link New: This issue links to "JEP 200 (Web Link)" [ 17981 ]
          Jesse Glick made changes -
          Remote Link Original: This issue links to "JEP 200 (Web Link)" [ 17981 ]

            jglick Jesse Glick