Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce Java Property Disabling POJO Import #15971

Closed
mn-mikke opened this issue Dec 18, 2023 · 0 comments · Fixed by #16021
Closed

Introduce Java Property Disabling POJO Import #15971

mn-mikke opened this issue Dec 18, 2023 · 0 comments · Fixed by #16021
Assignees
@mn-mikke
Labels
bug
Milestone
3.46.0.1

Comments

@mn-mikke
Copy link
Collaborator

The mehods import_mojo/upload_mojo also enables to load POJOs. This feature brings vulnerability CVE-2023-6016. The goal of this PR is to introduce java property that disables the import of POJOs. This feature should be disabled by default.
@mn-mikke mn-mikke added the bug label Dec 18, 2023
@mn-mikke mn-mikke added this to the 3.46.0.1 milestone Dec 18, 2023
@mn-mikke mn-mikke self-assigned this Jan 15, 2024
mn-mikke added a commit that referenced this issue Jan 18, 2024
@mn-mikke
[GH-15971] Introduce Java Property Disabling POJO Import
afcb251
This was referenced Jan 18, 2024
Merged
Closed
mn-mikke added a commit that referenced this issue Jan 25, 2024
@mn-mikke
[GH-15971] Introduce Java Property Disabling POJO Import (#16021)
393f2e3 
* [GH-15971] Introduce Java Property Disabling POJO Import

* use unit test lib

* update mojo import

* fix java test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mn-mikke mn-mikke

Labels
bug
Projects
None yet
Milestone
3.46.0.1
Development

Successfully merging a pull request may close this issue.

[GH-15971] Introduce Java Property Disabling POJO Import h2oai/h2o-3
1 participant
@mn-mikke