Restricting Incoming Serialized Java Objects to Oracle WebLogic Server - New with WLS PSUs (Doc ID 2421487.1)

Last updated on NOVEMBER 05, 2023

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Oracle WebCenter Content: Imaging - Version 12.2.1.4.0 to 12.2.1.4.0 [Release 12c]
Information in this document applies to any platform.
- This document was released with the WLS PSU for Oct 2018.
- This document is expected to be updated with newer PSU releases IF there is something new to communicate. Check back when applying the next PSU and JDK update for any updates.
- For example, January 2019 has an updated block list and updated serialFilterScope. July 2019 and 2020 added block listed items. New dates will be in bold.

Purpose

This document provided information to help in restricting incoming serialized Java objects as part of a security best practice or hardening recommendation for Oracle WebLogic Server (WLS).

Details

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Purpose

Details

Overview and Security Recommendations

Restricting Incoming Serialized Java Objects to Oracle WebLogic Server

JEP 290 JDK Support

WebLogic Server JEP 290 Default Filter

Customizing the WebLogic Server JEP 290 Default Filter

Troubleshooting

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Restricting Incoming Serialized Java Objects to Oracle WebLogic Server - New with WLS PSUs (Doc ID 2421487.1)

Applies to:

Purpose

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!