RFR 8197595: Serialization javadoc should link to security best practices
sean.mullan at oracle.com
Fri Mar 23 14:33:00 UTC 2018
Looks good to me. Minor nit, I would add "the" before "Secure Coding
Guidelines for Java SE".
I would also change "must" to "should" as these are recommended best
practices, and not requirements that we can enforce.
On 3/23/18 10:12 AM, Roger Riggs wrote:
> Please review adding a warning and a link to the Secure Coding Guidelines
> and the new Serial Filter guide included in the JDK 10 docs.
> The warnings are added to Serializable, ObjectInputStream,
> ObjectInputFilter and
> the java.io package summary.
> Thanks, Roger
More information about the core-libs-dev