Restricting Incoming Serialized Java Objects to Oracle WebLogic Server - New with WLS PSUs
(Doc ID 2421487.1)
Last updated on APRIL 23, 2020
Applies to:Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
- Note this document may be updated with a PSU release. Check back when applying the next PSU and look for updates.
- For example, January 2019 has an updated blacklist and updated serialFilterScope. July 2019 added a blacklist item. New dates will be in bold.
- This document began tracking this beginning with the WLS PSU Oct 2018 PSU.
- A separate modification history will only be created if there are enough changes to note.
This document provided information to help in restricting incoming serialized Java objects as part of a security best practice or hardening recommendation for Oracle WebLogic Server (WLS).
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|JEP 290 JDK Support|
|WebLogic Server JEP 290 Default Filter|
|Customizing the WebLogic Server JEP 290 Default Filter|