Permalink
Browse files

[SECURITY-232] Blacklist RMI-related classes.

  • Loading branch information...
jglick committed Feb 3, 2016
1 parent db9c9d9 commit baa0cef36081711d216532d562e02e2fc425d310
Showing with 4 additions and 1 deletion.
  1. +4 −1 src/main/java/hudson/remoting/ClassFilter.java
@@ -78,7 +78,10 @@ public final Class check(Class c) {
LOGGER.log(Level.FINE, "Using default in built class blacklisting");
return new RegExpClassFilter(Arrays.asList(Pattern.compile("^org\\.codehaus\\.groovy\\.runtime\\..*"),
Pattern.compile("^org\\.apache\\.commons\\.collections\\.functors\\..*"),
Pattern.compile(".*org\\.apache\\.xalan.*")
Pattern.compile(".*org\\.apache\\.xalan.*"),
Pattern.compile("^com\\.sun\\.jndi\\.rmi\\..*"),
Pattern.compile("^sun\\..*"),
Pattern.compile("^java\\.rmi\\..*")
));
}
}

0 comments on commit baa0cef

Please sign in to comment.