当前位置:网站首页>fastjson开启safeMode,关闭autoType,去除安全漏洞
fastjson开启safeMode,关闭autoType,去除安全漏洞
2022-06-12 03:20:00 【望月湖】
fastjson开启safeMode,关闭autoType,去除安全漏洞
在1.2.68之后的版本,在1.2.68版本中,fastjson增加了safeMode的支持。safeMode打开后,完全禁用autoType。所有的安全修复版本sec10也支持SafeMode配置。
有三种方式配置SafeMode,如下:
1.在代码中配置
ParserConfig.getGlobalInstance().setSafeMode(true);
注意,如果使用new ParserConfig的方式,需要注意单例处理,否则会导致低性能full gc。
2. 加上JVM启动参数
-Dfastjson.parser.safeMode=true
如果有多个包名前缀,用逗号隔开
3.通过fastjson.properties文件配置。
通过类路径的fastjson.properties文件来配置,配置方式如下:
fastjson.parser.safeMode=true
边栏推荐
- 【鸿蒙】 使用定时器做一个简单的抢红包小游戏
- 2020-12-10
- [Hongmeng] use the timer to play a simple game of robbing red envelopes
- oracle之用户和表空间
- 微信小程序项目实例——双人五子棋
- Demand and business model innovation - demand 9- prototype
- [string] determine whether S2 is the rotation string 2 of S1
- Lighting Basics: optical model
- PHP life cycle and swoole life cycle
- 3769 moving stones (simulated)
猜你喜欢
Application of acrelcloud-6000 secure power cloud platform in a commercial plaza
Demand and business model innovation - demand 6- stakeholder analysis and hard sampling
Drawcall, batches, setpasscall in unity3d
微信小程序项目实例——我有一支画笔(画画)
Comment prévenir les incendies électriques dans les centres commerciaux?
Paper recommendation: relicv2, can the new self supervised learning surpass supervised learning on RESNET?
![[point cloud compression] variable image compression with a scale hyperprior](/img/d4/4084f64d20c8e622cddef2310d3b6c.png)
[point cloud compression] variable image compression with a scale hyperprior
Hudi of data Lake (14): basic concepts of Apache Hudi
Domestic mobile phones are snubbing low-end consumers, and Nokia provides them with high-quality products
【鸿蒙】 使用定时器做一个简单的抢红包小游戏
随机推荐
1186_ Accumulation of embedded hardware knowledge_ Triode and three electrodes
Summary -day11
Addition and multiplication of large integers;
2020-12-06
2020-12-10
Demand and business model innovation - demand 11 - overview of demand analysis
[Bank Research Report] technology enabled retail finance carbon neutral development report (2022) - download link attached
顺序表与链表-----进阶
1 minute to understand the essential difference between low code and zero code
The rise of another domestic mobile phone chip is close to the height reached by Huawei
如何防止商场电气火灾的发生?
GeForce GTX 2050/2080/3090/A6000自动安装nvidia显卡驱动
[Business Research Report] the salary growth rate report of each industry in 2022 includes regional growth rate - download link is attached
微信小程序项目实例——体质计算器
How to prevent electrical fire in shopping malls?
2020-12-07
分數大小的比較
分布式计算的八大谬论
tcp 三次握手与四次挥手
Oracle sequence