当前位置:网站首页>fastjson开启safeMode,关闭autoType,去除安全漏洞
fastjson开启safeMode,关闭autoType,去除安全漏洞
2022-06-12 03:20:00 【望月湖】
fastjson开启safeMode,关闭autoType,去除安全漏洞
在1.2.68之后的版本,在1.2.68版本中,fastjson增加了safeMode的支持。safeMode打开后,完全禁用autoType。所有的安全修复版本sec10也支持SafeMode配置。
有三种方式配置SafeMode,如下:
1.在代码中配置
ParserConfig.getGlobalInstance().setSafeMode(true);
注意,如果使用new ParserConfig的方式,需要注意单例处理,否则会导致低性能full gc。
2. 加上JVM启动参数
-Dfastjson.parser.safeMode=true
如果有多个包名前缀,用逗号隔开
3.通过fastjson.properties文件配置。
通过类路径的fastjson.properties文件来配置,配置方式如下:
fastjson.parser.safeMode=true
边栏推荐
- Wechat applet project example - Fitness calculator
- About 100 to realize the query table? Really? Let's experience the charm of amiya.
- [Bank Research Report] technology enabled retail finance carbon neutral development report (2022) - download link attached
- Exemple de projet d'applet Wechat - calculatrice de constitution
- The road of global evolution of vivo global mall -- multilingual solution
- string manipulation:
- $LastExitCode=0, but $?= False in PowerShell. Redirecting stderr to stdout gives NativeCommandError
- Demand and business model innovation - demand 8- interview
- 2020-12-06
- Simple database connection example
猜你喜欢
ARD3M电动机保护器在煤炭行业中的应用
微信小程序项目实例——双人五子棋
【点云压缩】Sparse Tensor-based Point Cloud Attribute Compression
cupp字典生成工具(同类工具还有crunch)
Paper recommendation: relicv2, can the new self supervised learning surpass supervised learning on RESNET?
Recommend 6 office software, easy to use and free, double the efficiency
![[Hongmeng] use the timer to play a simple game of robbing red envelopes](/img/27/32b65dc90db7f6ece24ad39ff9b0ef.png)
[Hongmeng] use the timer to play a simple game of robbing red envelopes
Convert py file to EXE file
Demand and business model innovation - demand 11 - overview of demand analysis
Demand and business model innovation - demand 8- interview
随机推荐
Redis gets the set of keys prefixed with XXX
2020-12-12
One article to show you how to understand the harmonyos application on the shelves
oralce 处理列转行的三种方式 最后生成表格样式数据
微积分复习2
微信小程序项目实例——体质计算器
[DFS "want" or "don't"] seek subsets; Seeking combination
2020-12-06
3768 string pruning (double pointer)
字符串处理:
oracle之用户和表空间
简单的数据库连接示例
Sparse tensor based point cloud attribute compression
Steamvr--- grab objects
Lighting Basics: optical model
[Business Research Report] analysis report on online attention of China's e-sports industry in 2021 - download link attached
Go 语法 变量
Special information | liquor (Baijiu, beer, wine)
Wechat applet project example - Fitness calculator
errno: -4078, code: ‘ECONNREFUSED‘, syscall: ‘connect‘, address: ‘127.0.0.1‘, port: 3306;postman报错