Consider security implications of proxy implementation

Description

Per the explanation in CLJ-2204, AOT compiled proxies of Serializable/Externalizable classes are susceptible to misuse for deserialization attacks. We should consider modifications to proxy to detect and warn or prevent this kind of misuse.

Environment

None

Activity

chouser
July 18, 2017, 5:06 AM

Superseded by

Duplicate

Assignee

chouser

Reporter

Alex Miller

Labels

Approval

None

Patch

None

Priority

Major