My Oracle Support Banner

AllowList Recording Does Not Record java*.* , weblogic., oracle. in jep290-recorded.serial.properties (Doc ID 2942847.1)

Last updated on APRIL 21, 2023

Applies to:

Oracle WebLogic Server - Version 12.2.1.4.0 and later
Information in this document applies to any platform.

Symptoms

As per Oracle Docs :

"Allowlists are configuration files that define a list of the WebLogic Server and customer application classes and packages that you wish to allow to be deserialized. Allowlists can be created and configured to control which packages and classes are deserialized (or blocked) in running systems.

When allowlist recording is enabled, all classes are allowed during deserialization except for the classes specified in the blockist.

Run a full set of tests to ensure that the recorded allowlist configuration file provides appropriate coverage of all packages and classes that must be allowed in order for your application to run successfully. When deserialization occurs, each class is recorded in the following configuration file:

DOMAIN_HOME/config/security/jep290-recorded.serial.properties "

Link : https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/secmg/conf-security-for-domain.html#GUID-3E3D41E9-ACCA-40D3-8557-08DCC8570E95

It was noticed that jep290 recording is not recording java.net.URL in jep290-recorded.serial.properties

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.