-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow configuration of SpringCloudCommandRouter with a provided XStreamSerializer #13
Comments
Good point @martijnvanderwoud. It was hard coded to XStream as it is dedicated to serializing the Should be easy enough to adjust this though. I would suggest to add a dedicated builder method in the |
I agree Steven, would you like me to submit a PR for this? Might be a while before I find some time for this but it does not appear to be very complicated |
If you would have the time to provide a PR @martijnvanderwoud, that would be great! |
The Serializer should be configurable for two reasons: 1. To ensure the security warning thrown by XStream can be mitigated by users. 2. To allow setting of the ClassLoader, which is required for Spring Devtools to work correctly. #1382 & #13
[#13 & #1382] Allow Serializer Configuration & Support Spring Boot DevTools
Thanks for fixing this @smcvb, sorry that I did not make time to create a PR (this was still on my todo list, but has been there for ages) |
The serializer used by the
SpringCloudCommandRouter
is hard-coded.protected final XStreamSerializer serializer = XStreamSerializer.builder().build();
So far, I have not found a way to provide my own serializer. I would like to do so, since the hardcoded one produces this warning: "Security framework of XStream not initialized, XStream is probably vulnerable."
The text was updated successfully, but these errors were encountered: