uschindler commented on PR #15237: URL: https://github.com/apache/lucene/pull/15237#issuecomment-3341860815
Hi @rmuir, I changed the serialization filter installation to work in the same way like SecurityManager in the past. It gets installed by the Gradle infrastructure by system property into the JVM. To still allow Gradle to do serialization, it is whitelisted in the same way like Gradle was allowed to exit with System.exit(). The whole thing works by a SerializationFilterFactory that is installed via cmd line (its implemented in test framework) and it takes care of installing a deny-all-only-allow-gradle deserialization in cases that the code using deserialization is not installing a filter on its own. Can you review? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
