springboot Dynamic Code Evaluation: Unsafe Deserialization (Spring Boot 2) - how to avoid actuator related fortify issue, or is it a false positive?

Dynamic Code Evaluation: Unsafe Deserialization (Spring Boot 2) - how to avoid actuator related fortify issue, or is it a false positive? how to avoid this problem?

Comment From: wilkinsona

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. As mentioned in the guidelines for contributing, we prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add some more details if you feel this is a genuine bug.

Comment From: wilkinsona

Before posting your own question on Stack Overflow, you may be interested in this existing question.

Comment From: dongdongqin

thanks for your quick response, i try all kinds of solution. it does not work. fortify is our standard for software safe. Thus, i try to see the answers from official sites. It also maybe fortify problems, not actuator problem. thaks again!

Comment From: hungvu2000

Hi dongdongqin,

Have you found the solution? I have the same issue but don't know how to fix it.

Thanks and Regards, Hung Vu