Jackson2ExecutionContextStringSerializer: customization #3765

Closed
@fprochazka

I would like to be able to extend the TRUSTED_CLASS_NAMES without having to copy&paste the entire Jackson2ExecutionContextStringSerializer.

I can see that you had to fix a security vuln in #3732, but it broke (de)serialization in a lot of apps. I have no problem adding the annotations to my classes, but I have no idea how to allow java.util.UUID.

I suggest that you introduce a mechanism that would allow me to extend the list of trusted classes in case there is a JDK/library class I cannot modify.


Also, it's really hard to override the serializer, and I had to extend a bunch of configuration and bean factory classes to accomplish it.
