Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AVRO-3985: Add trusted packages support in SpecificData #2934

Merged
merged 4 commits into from
Jun 24, 2024
Merged

AVRO-3985: Add trusted packages support in SpecificData #2934

merged 4 commits into from
Jun 24, 2024

Conversation

jbonofre
Copy link
Member

@jbonofre jbonofre commented Jun 1, 2024
edited

What is the purpose of the change

This change introduces the org.apache.avro.SERIALIZABLE_PACKAGES system property to enforce the security aspect of using java-class in a schema.

Verifying this change

This change is already covered by existing tests, using the default trusted packages. I can add an additional test specifically for non trusted packages.

Documentation

  • Does this pull request introduce a new feature? yes
  • If yes, how is the feature documented? The error message already explains how to use org.apache.avro.SERIALIZABLE_PACKAGES system property. Happy to add additional documentation if needed.

@github-actions github-actions bot added the Java Pull Requests for Java binding label Jun 1, 2024
@jbonofre jbonofre requested a review from Fokko June 1, 2024 07:29
Fokko
Fokko approved these changes Jun 2, 2024
View reviewed changes
Copy link
Contributor

@Fokko Fokko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @jbonofre

lang/java/avro/src/main/java/org/apache/avro/specific/SpecificData.java Outdated Show resolved Hide resolved
@jbonofre jbonofre force-pushed the AVRO-3985 branch 4 times, most recently from 78142bb to 9991b78 Compare June 4, 2024 09:39
@jbonofre
Copy link
Member Author

@Fokko @martin-g @KalleOlaviNiemitalo I updated the PR. Can you guys please take a look ? Thanks !

@Fokko Fokko merged commit f6b3bd7 into apache:main Jun 24, 2024
8 checks passed
@Fokko
Copy link
Contributor

Fokko commented Jun 24, 2024

Moving this forward, thanks @jbonofre for fixing this 🙌 and thanks @martin-g and @KalleOlaviNiemitalo for the reviews!

@jbonofre jbonofre deleted the AVRO-3985 branch June 26, 2024 07:53
@jbonofre
Copy link
Member Author

I'm creating the 1.11.x backport PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fokko Fokko Fokko approved these changes

@martin-g martin-g martin-g approved these changes

@KalleOlaviNiemitalo KalleOlaviNiemitalo Awaiting requested review from KalleOlaviNiemitalo

Assignees
No one assigned
Labels
Java Pull Requests for Java binding
Projects
None yet
Milestone
No milestone
4 participants
@jbonofre @Fokko @martin-g @KalleOlaviNiemitalo