Oracle removes serialisation from Java
Old 29th May 2018, 05:35   #1
Stefan Mileschin Freshly Registered

Changing the dog's breakfast

Oracle plans to drop the serialisation feature from Java, which has been causing it huge security problems.

Serialisation is used to encode objects into streams of bytes and it was introduced in 1997. Nearly a third to a half of Java vulnerabilities have involved serialisation. This is mostly because while it is easy to use, in simple use cases it is easier to misuse.

Oracle had been making its removal part of Project Amber, which is focused on productivity-oriented Java language features.

Mark Reinhold, chief architect of the Java platform group at Oracle, said the idea is to install a small serialisation framework into the platform once records, the Java version of data classes, are supported.

The framework could support a graph of records, and developers could plug in a serialisation engine of their choice, supporting formats such as JSON or XML, enabling serialisation of records in a safe way.

Reinhold said it was not clear which release of Java will have the records capability.

Recently, a filtering capability was added to Java so if serialisation is being used on a network and untrusted serialisation data streams must be accepted, there is a way to filter which classes can be mentioned, to provide a defence mechanism against serialisation’s security weaknesses.

https://fudzilla.com/news/46384-orac...tion-from-java