Statements (163)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Java_2_Platform
|
| gptkbp:addresses |
Deserialization vulnerabilities
|
| gptkbp:affects |
Java developers
|
| gptkbp:author |
gptkb:Martin_Buchholz
|
| gptkbp:collaborated_with |
gptkb:Open_JDK_community
|
| gptkbp:community |
Active user community.
|
| gptkbp:community_engagement |
Engages with the developer community.
Engages with the Java community. |
| gptkbp:community_feedback |
Positive feedback from the Java community.
|
| gptkbp:community_involvement |
Encourages community involvement.
Encourages community contributions. |
| gptkbp:community_support |
Strong community support.
|
| gptkbp:compatibility |
Backward compatible with existing serialization.
Maintains backward compatibility. |
| gptkbp:conformance |
Conforms to Java SE standards.
|
| gptkbp:conformance_testing |
Tested for compliance with Java standards.
|
| gptkbp:contribution |
Contributes to the security model of Java.
|
| gptkbp:created |
2018-09-25
|
| gptkbp:discusses |
2018-03-15
https://openjdk.java.net/jeps/290 |
| gptkbp:ecological_role |
Enhances Java ecosystem security.
|
| gptkbp:educational_resources |
Resources available for learning.
|
| gptkbp:enables |
Fine-grained control over deserialization
|
| gptkbp:end_date |
2018-09-25
|
| gptkbp:enhances |
Potential for future enhancements.
|
| gptkbp:example |
Used in secure web applications.
|
| gptkbp:feature |
Serialization filters
|
| gptkbp:feedback_mechanism |
Open for community feedback.
|
| gptkbp:filter_mechanism |
Allows developers to define filters.
|
| gptkbp:filter_type |
Example of a filter for specific classes.
|
| gptkbp:first_published |
2023-10-01.
|
| gptkbp:future_plans |
Monitor and improve serialization security.
|
| gptkbp:has_community |
Open JDK mailing list.
|
| gptkbp:has_documentation |
Available in Java SE documentation.
|
| https://www.w3.org/2000/01/rdf-schema#label |
JEP 290
|
| gptkbp:impact |
Assessed for impact on applications.
Improved security against deserialization attacks. |
| gptkbp:impact_on_legacy_code |
May require updates to legacy code.
|
| gptkbp:implementation_feedback |
Feedback from implementation experiences.
Feedback from the developer community. |
| gptkbp:implementation_support |
Support available for implementation.
Support for implementation available. |
| gptkbp:implementation_updates |
Regular updates for implementation.
|
| gptkbp:improves |
Application security
Serialization process |
| gptkbp:influences |
Future serialization proposals
|
| gptkbp:introduced_in |
gptkb:Java_SE_11
gptkb:Java_SE_9 |
| gptkbp:involved_technology |
Java RMI, Java EE.
|
| gptkbp:is_a_resource_for |
Resources available for the community.
Resources for the developer community. |
| gptkbp:is_adopted_by |
Cloud services
Open source projects Enterprise applications Widely adopted in enterprise applications. Adopted in Java SE 11. |
| gptkbp:is_aligned_with |
Industry standards
|
| gptkbp:is_analyzed_in |
Case studies
Security audits |
| gptkbp:is_cited_in |
Security best practices
Technical documentation |
| gptkbp:is_described_as |
Technical articles
|
| gptkbp:is_discussed_in |
gptkb:Java_Community_Process
Webinars Developer forums |
| gptkbp:is_documented_in |
Release notes
Java documentation |
| gptkbp:is_evaluated_by |
Technical committees
Security researchers |
| gptkbp:is_explored_in |
gptkb:Workshops
Research projects |
| gptkbp:is_implemented_in |
gptkb:Java_Runtime_Environment
gptkb:Java_SE_9 Java developers Resources for developers. Java. Fully implemented. Challenges in adoption. Addressing legacy serialization issues. Challenges in legacy systems. Examples provided for developers. Implemented in the Java platform. Notes on implementation details. Resources for implementation. |
| gptkbp:is_integrated_with |
Java development tools
|
| gptkbp:is_motivated_by |
To improve security by allowing applications to define which classes can be deserialized.
|
| gptkbp:is_part_of |
gptkb:Java_SE_platform
Java security enhancements |
| gptkbp:is_practiced_in |
Promotes best practices in serialization.
|
| gptkbp:is_promoted_by |
gptkb:Oracle_Corporation
Java user groups |
| gptkbp:is_referenced_in |
Academic papers
Software development kits |
| gptkbp:is_related_to |
gptkb:JEP_220
|
| gptkbp:is_reviewed_by |
Peer reviews
Java experts |
| gptkbp:is_supported_by |
gptkb:Java_libraries
Community contributions IDE plugins |
| gptkbp:is_tested_for |
Continuous integration systems
Java testing frameworks |
| gptkbp:is_used_in |
Web applications
|
| gptkbp:key_feature |
Serialization filter mechanism.
|
| gptkbp:latest_version |
1.0.
|
| gptkbp:notable_production |
Influences development methodologies.
Influences development practices. |
| gptkbp:performance |
Minimal impact on performance.
|
| gptkbp:plot_summary |
This JEP proposes a mechanism for defining serialization filters.
|
| gptkbp:presented_by |
Conferences
|
| gptkbp:project |
Open JDK projects.
|
| gptkbp:proposed_by |
gptkb:Oracle
gptkb:Oracle_Corporation |
| gptkbp:provides |
Filter mechanism for serialization
|
| gptkbp:provides_guidance_on |
Guidelines for developers.
Guidelines for implementing filters. |
| gptkbp:published_in |
September 2017
|
| gptkbp:purpose |
Enhance security of Java serialization
|
| gptkbp:reduces |
Risk of remote code execution
|
| gptkbp:regulatory_compliance |
Advisory for developers on serialization.
Raises awareness of serialization security. Raises security awareness. |
| gptkbp:related_concept |
ISO/ IEC 23271.
|
| gptkbp:related_jdk |
JDK 11.
|
| gptkbp:related_jeps |
JEP 220, JEP 341
|
| gptkbp:related_to |
gptkb:JEP_220
Java Serialization Java serialization |
| gptkbp:released |
gptkb:Java_SE_11
|
| gptkbp:requires |
gptkb:JEP_220
gptkb:JEP_221 Configuration of filters Java 9 or later |
| gptkbp:reviews |
gptkb:Josh_Bloch
Reviewed by Java community experts. |
| gptkbp:security |
Aligns with industry security policies.
Aligns with security policies. Encourages best practices in serialization. Part of Java's security framework. Part of Java's security model. Promotes security best practices. Recommendations for developers. Recommendations for secure serialization. Mitigates risks of deserialization vulnerabilities. |
| gptkbp:security_features |
Prevents arbitrary object deserialization.
|
| gptkbp:security_framework_integration |
Integrates with Java security frameworks.
Integrates with existing security frameworks. Integrates with security frameworks. |
| gptkbp:security_guidelines |
Guidelines for secure serialization.
|
| gptkbp:security_testing |
Undergoes regular security testing.
|
| gptkbp:security_testing_framework |
Framework for security testing.
Framework for testing security. |
| gptkbp:specification |
Defines a mechanism for specifying serialization filters.
|
| gptkbp:status |
gptkb:Final
|
| gptkbp:supports |
Custom serialization filters
|
| gptkbp:target_audience |
Java developers.
|
| gptkbp:target_jdk |
gptkb:JDK_9
|
| gptkbp:title |
Serialization Filters
|
| gptkbp:updates |
Regular updates for security.
|
| gptkbp:use_case |
Used in applications requiring secure serialization.
|
| gptkbp:user_feedback |
Gathered from user experiences.
|
| gptkbp:bfsParent |
gptkb:JEP_32
gptkb:JEP_33 |
| gptkbp:bfsLayer |
5
|