Closed
Description
Summary
When enabling the GenericJackson2JsonRedisSerializer, serialisation of the session fails due to the restrictive whitelisting, as related to #4370
This is because org.springframework.session.data.redis.RedisOperationsSessionRepository uses a HashMap to represent the "delta" field in RedisSession org.springframework.session.data.redis.RedisOperationsSessionRepository.RedisSession
Would it be possible to open-up HashMaps for deserialisation purposes. Seen as we already allow TreeMap, I can't see a HashMap would make much different security wise.