当前位置:网站首页>Fastjson enables safemode, closes autotype, and removes security vulnerabilities
Fastjson enables safemode, closes autotype, and removes security vulnerabilities
2022-06-12 03:24:00 【Wangyue Lake】
fastjson Turn on safeMode, close autoType, Remove security vulnerabilities
stay 1.2.68 Later versions , stay 1.2.68 In the version ,fastjson Added safeMode Support for .safeMode After opening , Completely disabled autoType. All security fixes sec10 Also support SafeMode To configure .
There are three ways to configure SafeMode, as follows :
1. Configure... In code
ParserConfig.getGlobalInstance().setSafeMode(true);
Be careful , If you use new ParserConfig The way , Need to pay attention to singleton handling , Otherwise, it will lead to low performance full gc.
2. add JVM Launch parameters
-Dfastjson.parser.safeMode=true
If there are multiple package name prefixes , Separated by commas
3. adopt fastjson.properties File configuration .
Through the classpath fastjson.properties File to configure , The configuration is as follows :
fastjson.parser.safeMode=true
边栏推荐
- In 2022, why is there a market for Shanzhai products?
- Key points of code neatness (III)
- Comment prévenir les incendies électriques dans les centres commerciaux?
- vim命令大全
- 无限循环判断方法;
- 简单的数据库连接示例
- How do I make the mouse wheel work in the VB6 ide- How can I make mousewheel work in VB6 IDE?
- golang的gin框架,各种接收参数的方式和各种绑定的区别?
- 微信小程序项目实例——我有一支画笔(画画)
- Paper recommendation: relicv2, can the new self supervised learning surpass supervised learning on RESNET?
猜你喜欢
Domestic mobile phones are snubbing low-end consumers, and Nokia provides them with high-quality products
无限循环判断方法;
Introduce the functions of the new project aleo
2022 communication industry ultimate Exhibition Guide
Sparse tensor based point cloud attribute compression
tcp 三次握手与四次挥手
Redis gets the set of keys prefixed with XXX
微信小程序项目实例——体质计算器
How to prevent electrical fire in shopping malls?
![[Business Research Report] Research Report on super automation technology and application (2022) -- download link attached](/img/c9/6d34bed3bde0044270c5dca269d6b9.jpg)
[Business Research Report] Research Report on super automation technology and application (2022) -- download link attached
随机推荐
Demand and business model innovation - demand 10- observation and document review
Oracle users and tablespaces
AI interview bag | Netease mutual entertainment AI Lab artificial intelligence research engineers share on both sides
golang的gin框架,各种接收参数的方式和各种绑定的区别?
C language array
Sequence list and linked list ----- advanced
The idea of setting the flash memory management and resource size, and the quantitative relationship among parallelism, slot, and taskmanager quantity
Min25 sieve
The rise of another domestic mobile phone chip is close to the height reached by Huawei
In 2022, don't you know the difference between arrow function and ordinary function?
1186_ Accumulation of embedded hardware knowledge_ Triode and three electrodes
简单的数据库连接示例
oralce 处理列转行的三种方式 最后生成表格样式数据
MySQL创建用户并授权
如何修改mysql 查询出来的结果名称 结果1,结果2
Functions (arguments, formal parameters, bubbling)
2020-12-12
Yu Xia looks at win system kernel -- debugging
安科瑞抗晃电产品在河北某化工项目的应用
[point cloud compression] variable image compression with a scale hyperprior