4-21 - Unsafe serialization data detected

4-21 - Unsafe serialization data detected

Possible Causes

The current server may be under attack, or the built-in class checking logic of Dubbo has not scanned the classes you defined.

Troubleshooting and Resolution Steps

  1. If the request source is an attack source, please promptly reinforce security.
  2. If the request source is expected, declare the class names you are using in the security/serialize.allowlist resource file, and Dubbo will automatically load them into the allowlist. Please refer to the Class Checking Mechanism article.

Currently, Dubbo can operate in monitoring mode and restriction mode. Monitoring mode only logs, without interception; restriction mode will perform interception.

Last modified September 30, 2024: Translate (22d3d83a3b)