Jinwoo Hwang created GEODE-10537:
------------------------------------

             Summary: Publish Apache Geode 2.0.0 User Guide
                 Key: GEODE-10537
                 URL: https://issues.apache.org/jira/browse/GEODE-10537
             Project: Geode
          Issue Type: Improvement
            Reporter: Jinwoo Hwang
            Assignee: Jinwoo Hwang


*Description:*

Review the new security documentation for HTTP Session Management that 
describes configuring ObjectInputFilter (JEP 290) to protect against 
deserialization vulnerabilities.

*Documentation Location:*
session_security_filter.html.md.erb

*Key Content Areas:*
 # *Overview* - Application-level security using JEP 290 ObjectInputFilter
 # *Security Warning* - Explains risks of unprotected deserialization (RCE, DoS)
 # *Configuration* - Step-by-step setup in web.xml with pattern syntax
 # *Pattern Syntax* - JEP 290 filter patterns (allowlist/denylist rules)
 # *Examples* - Real-world configurations (e-commerce, multi-module apps)
 # *Multi-App Deployments* - Isolated security policies per web application
 # *Best Practices* - Explicit allowlists, default-deny, specific packages
 # *Troubleshooting* - Common issues and solutions
 # *Migration Guide* - Steps for existing applications, backward compatibility

*Review Focus:*
 * Technical accuracy of JEP 290 filter syntax and behavior
 * Clarity of security warnings and best practices
 * Completeness of configuration examples
 * Usefulness of troubleshooting guidance
 * Documentation structure and navigation

*Related PR:* #7966 - GEODE-10535 Secure Session Deserialization



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
