当前位置:网站首页>Fastjson enables safemode, closes autotype, and removes security vulnerabilities

Fastjson enables safemode, closes autotype, and removes security vulnerabilities

2022-06-12 03:24:00 Wangyue Lake

fastjson Turn on safeMode, close autoType, Remove security vulnerabilities

stay 1.2.68 Later versions , stay 1.2.68 In the version ,fastjson Added safeMode Support for .safeMode After opening , Completely disabled autoType. All security fixes sec10 Also support SafeMode To configure .

There are three ways to configure SafeMode, as follows :

1. Configure... In code 

ParserConfig.getGlobalInstance().setSafeMode(true);

Be careful , If you use new ParserConfig The way , Need to pay attention to singleton handling , Otherwise, it will lead to low performance full gc.
2. add JVM Launch parameters 

-Dfastjson.parser.safeMode=true

If there are multiple package name prefixes , Separated by commas

3. adopt fastjson.properties File configuration .
Through the classpath fastjson.properties File to configure , The configuration is as follows :

fastjson.parser.safeMode=true
原网站

版权声明
本文为[Wangyue Lake]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/163/202206120319553683.html

边栏推荐

猜你喜欢

随机推荐