Restricting Incoming Serialized Java Objects to Oracle WebLogic Server - New with WLS PSUs (Doc ID 2421487.1)

Last updated on AUGUST 26, 2019

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
- Note: this document may be updated with a PSU release. Check back when applying the next PSU and look for updates.
- For example, January 2019 has an updated blacklist and updated serialFilterScope. July 2019 added a blacklist item.

Purpose

This document provides information to help you restrict incoming serialized Java objects as part of a security best practice or hardening recommendation for Oracle WebLogic Server (WLS).

Details


In this Document
Purpose
Details
 Overview
 JEP 290 JDK Support
 WebLogic Server JEP 290 Default Filter
 Customizing the WebLogic Server JEP 290 Default Filter
 Troubleshooting
References
