Jackson Deserialization Issue with spring 5.5 #15952
Assignees
Labels
for: stackoverflow
A question that's better suited to stackoverflow.com
in: core
An issue in spring-security-core
Comments
TeamOussama
added
status: waiting-for-triage
|
Thanks for getting in touch, @TeamOussama! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug. |
jzheaux
added
in: core
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I integrated redis with spring session and spring security 5.5.4 and respected the
An error has occurred
Could not read JSON: The class with org.springframework.security.web.savedrequest.DefaultSavedRequest and name of org.springframework.security.web.savedrequest.DefaultSavedRequest is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See #4370 for details; nested exception is java.lang.IllegalArgumentException: The class with org.springframework.security.web.savedrequest.DefaultSavedRequest and name of org.springframework.security.web.savedrequest.DefaultSavedRequest is not in the allowlist. If you believe this class is safe to deserialize, please provide an explicit mapping using Jackson annotations or by providing a Mixin. If the serialization is only done by a trusted source, you can also enable default typing. See #4370 for details
The same issue as :
#8373
The text was updated successfully, but these errors were encountered: