[ https://issues.apache.org/jira/browse/GEODE-10537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jinwoo Hwang updated GEODE-10537:
---------------------------------
    Description: Publish Apache Geode 2.0.0 User Guide to 
https://geode.apache.org/docs/  (was: *Description:*

Review the new security documentation for HTTP Session Management that 
describes configuring ObjectInputFilter (JEP 290) to protect against 
deserialization vulnerabilities.

*Documentation Location:*
session_security_filter.html.md.erb

*Key Content Areas:*
 # *Overview* - Application-level security using JEP 290 ObjectInputFilter
 # *Security Warning* - Explains risks of unprotected deserialization (RCE, DoS)
 # *Configuration* - Step-by-step setup in web.xml with pattern syntax
 # *Pattern Syntax* - JEP 290 filter patterns (allowlist/denylist rules)
 # *Examples* - Real-world configurations (e-commerce, multi-module apps)
 # *Multi-App Deployments* - Isolated security policies per web application
 # *Best Practices* - Explicit allowlists, default-deny, specific packages
 # *Troubleshooting* - Common issues and solutions
 # *Migration Guide* - Steps for existing applications, backward compatibility

*Review Focus:*
 * Technical accuracy of JEP 290 filter syntax and behavior
 * Clarity of security warnings and best practices
 * Completeness of configuration examples
 * Usefulness of troubleshooting guidance
 * Documentation structure and navigation

*Related PR:* #7966 - GEODE-10535 Secure Session Deserialization)

> Publish Apache Geode 2.0.0 User Guide
> -------------------------------------
>
>                 Key: GEODE-10537
>                 URL: https://issues.apache.org/jira/browse/GEODE-10537
>             Project: Geode
>          Issue Type: Improvement
>            Reporter: Jinwoo Hwang
>            Assignee: Jinwoo Hwang
>            Priority: Major
>
> Publish Apache Geode 2.0.0 User Guide to https://geode.apache.org/docs/



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
