Fastjson enables safemode, closes autotype, and removes security vulnerabilities
2022-06-12 03:24:00 【Wangyue Lake】
fastjson added support for safeMode in version 1.2.68, and it is available in 1.2.68 and later versions. Once safeMode is turned on, autoType is completely disabled. All sec10 security-fix versions also support the SafeMode configuration.
There are three ways to configure SafeMode:
1. Configure in code
ParserConfig.getGlobalInstance().setSafeMode(true);
Note: if you use new ParserConfig, take care to handle it as a singleton; otherwise it leads to poor performance and full GC.
2. Add a JVM startup parameter
-Dfastjson.parser.safeMode=true
If there are multiple package name prefixes, separate them with commas.
3. Configure through the fastjson.properties file
Configure through the fastjson.properties file on the classpath, as follows:
fastjson.parser.safeMode=true
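A startup check that confirms safeMode is actually in effect, whichever of the three methods set it. This is an added example, not code from the original post or from the fastjson project; it assumes fastjson 1.2.68 or later on the classpath, and the class name SafeModeStartupCheck and the probe type com.example.Placeholder are hypothetical.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.parser.ParserConfig;

public class SafeModeStartupCheck {
    // A custom ParserConfig is built once and shared (the singleton handling
    // mentioned in step 1); creating one per request is what hurts performance.
    private static final ParserConfig SHARED_CONFIG = new ParserConfig();
    static {
        SHARED_CONFIG.setSafeMode(true);
    }

    // Constructed probe input: the @type value is a placeholder, not a real class.
    private static final String PROBE =
            "{\"@type\":\"com.example.Placeholder\",\"k\":\"v\"}";

    // True when the parser refuses input that carries an @type key.
    static boolean rejectsTypedInput(ParserConfig config) {
        try {
            JSON.parseObject(PROBE, Object.class, config);
            return false;
        } catch (JSONException e) {
            return true;
        }
    }

    // An unknown class is refused even without safeMode, so the flag itself
    // is checked as well as the parser's behaviour.
    static void requireSafeMode(String name, ParserConfig config) {
        if (!config.isSafeMode() || !rejectsTypedInput(config)) {
            throw new IllegalStateException("fastjson safeMode is not active for " + name);
        }
    }

    public static void main(String[] args) {
        // Method 1 from the list above. With method 2 or 3 this call can be
        // dropped and the checks below confirm the setting was picked up.
        ParserConfig.getGlobalInstance().setSafeMode(true);

        requireSafeMode("global ParserConfig", ParserConfig.getGlobalInstance());
        requireSafeMode("shared custom ParserConfig", SHARED_CONFIG);

        // Ordinary JSON without @type still parses normally under safeMode.
        JSONObject plain = JSON.parseObject("{\"k\":\"v\"}");
        System.out.println("safeMode active, plain JSON parsed: " + plain.getString("k"));
    }
}
```

Running this at application start makes a missing JVM flag or a fastjson.properties file that is not on the classpath fail fast instead of silently leaving autoType available.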