Details
- Bug
- Resolution: Fixed
- Critical
- None
- Sprint 3 (Kromeriz)
- 8
Description
Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. That's because under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers.
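The failure mode described above and its fix, as an added example that is not code from this issue or the project: `SearchClient`, `BrokenState`, `FixedState` and the endpoint value are hypothetical, and `roundTrip` stands in for a container flushing an object to disk.

```java
import java.io.*;
public class SerializableFieldDemo {
    // Hypothetical helper that is NOT Serializable (stands in for a client, connection, etc.).
    static class SearchClient {
        final String endpoint;
        SearchClient(String endpoint) { this.endpoint = endpoint; }
    }

    // Before: Serializable in name only; the non-transient 'client' field breaks serialization.
    static class BrokenState implements Serializable {
        private static final long serialVersionUID = 1L;
        String query = "example";
        SearchClient client = new SearchClient("https://search.example.invalid"); // constructed value
    }

    // After: the field is transient and rebuilt from serializable state on restore.
    static class FixedState implements Serializable {
        private static final long serialVersionUID = 1L;
        String query = "example";
        String endpoint = "https://search.example.invalid"; // constructed value
        transient SearchClient client = new SearchClient(endpoint);
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            client = new SearchClient(endpoint); // transient fields come back null
        }
    }

    // Simulates a container passivating an object and restoring it later.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            roundTrip(new BrokenState());
        } catch (NotSerializableException e) {
            System.out.println("BrokenState failed: " + e.getMessage());
        }
        FixedState restored = (FixedState) roundTrip(new FixedState());
        System.out.println("FixedState restored, client endpoint = " + restored.client.endpoint);
    }
}
```

The `BrokenState` round trip throws `NotSerializableException` naming the `SearchClient` class, which is the crash a container would hit only when it first decides to flush the object.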
Issue Links
- is causing MGNLEESOLR-76 Do not handle differently with search results in different providers/models (Closed)