Saturday, June 2, 2018

Serialization Is Dead! Long Live Serialization!

Oracle has signaled there are big changes on the way for how Java handles serialized objects. Java Platform Chief Architect Mark Reinhold describes the decision in 1997 to adopt the current serialization feature as a "horrible mistake."

Reinhold also claims that as many as half of all Java vulnerabilities are linked to the current serialization approach. Still, Reinhold has not committed to a release schedule for replacing serialization.



from DZone.com Feed https://ift.tt/2LMnw0t
