RecipesCatalogJavaSecurityMarshallingCopy pageOn this pageMarshalling Recipes Insecure JMS deserialization Restrict deserialized classes for JMS ObjectMessage Secure the use of Jackson default typing Secure the use of SnakeYAML's constructor