dubbo-2.6.10.1
Notice
1. ScriptRouter
ScriptRouter will not be activated defaultly. If user still wants use it, please add scriptRouterFactory in selfs spi file.
See dubbo-cluster/src/test/resources/META-INF/dubbo/internal/org.apache.dubbo.rpc.cluster.RouterFactory
2. Gerenic Invoke
Native Java deserialization will not be activated defaultly. If user still wants use it, please set dubbo.security.serialize.generic.native-java-enable
as true
in environment.
3. Serialization Block List
An embedded serialization block list is introduced in dubbo-common/src/main/resources/security/serialize.blockedlist
.
If user wants to add allow list, please refer dubbo.security.serialize.allowedClassList
.
4. Serialization ID Check
An optional checker can be enabled to check if consumer has sent the permitted serialiaztion id and consumer has received the same serialization id like it sent to provider. You can set serialization.security.check
as true
to enable this feature.
Change Lists
- Evacuation unnecessary example Initialization, creation Resource cost
- Fix TPS Limiter not work under Dynamic Configuration
- Solve the problem of not sharing the shared connection under lazy mode
- Fix methodName and retries in FailoverClusterInvoker
- Fix Dubbo qos command not work to offline provider
- Add socks5 proxy support to netty4 client
- Support high version Nacos
- Add some serialize check
- Fix MonitorService missing side=consumer paramter issue
- Fix netty3 backlog
- Fix Deserialization vulnerability