Author: buildbot
Date: Fri Sep 30 13:22:38 2016
New Revision: 998618
Log:
Production update by buildbot for activemq
Modified:
websites/production/activemq/content/cache/main.pageCache
websites/production/activemq/content/objectmessage.html
Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/activemq/content/objectmessage.html
==============================================================================
--- websites/production/activemq/content/objectmessage.html (original)
+++ websites/production/activemq/content/objectmessage.html Fri Sep 30 13:22:38
2016
@@ -81,7 +81,7 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><p>Although ObjectMessage usage is
generally discouraged, as it introduces coupling of class paths between
producers and consumers, ActiveMQ supports them as part of the JMS
specification.</p><h2 id="ObjectMessage-Security">Security</h2><p>ObjectMessage
objects depend on Java serialization of marshal/unmarshal object payload. This
process is generally considered unsafe as malicious payload can exploit the
host system. That's why starting with versions <strong>5.12.2</strong>
and <strong>5.13.0</strong>, ActiveMQ enforces users to explicitly
whitelist packages that can be exchanged using ObjectMessages.</p><p>If you
need to exchange object messages, you need to add packages your applications
are using. You can do that with by
using <code>org.apache.activemq.SERIALIZABLE_PACKAGES</code> system
property of the broker. You can add this system property to
<code>ACTIVEMQ_OPTS</code> variable in <code>${ACTIVEMQ_HOME}/bin/env</code>
scri
pt.</p><p>For example:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<div class="wiki-content maincontent"><p>Although ObjectMessage usage is
generally discouraged, as it introduces coupling of class paths between
producers and consumers, ActiveMQ supports them as part of the JMS
specification.</p><h2 id="ObjectMessage-Security">Security</h2><p>ObjectMessage
objects depend on Java serialization of marshal/unmarshal object payload. This
process is generally considered unsafe as malicious payload can exploit the
host system. That's why starting with versions <strong>5.12.2</strong>
and <strong>5.13.0</strong>, ActiveMQ enforces users to explicitly
whitelist packages that can be exchanged using ObjectMessages.</p><p>If you
need to exchange object messages, you need to add packages your applications
are using. You can do that with by
using <code>org.apache.activemq.SERIALIZABLE_PACKAGES</code> system
property, interpreted by the broker and the activemq client library. You can
add this system property to <code>ACTIVEMQ_OPTS</code> variable
in <code>${ACTIVEMQ_HOME}/bin/env</code> script.</p><p>For example:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp</pre>
</div></div><p>will add <code>com.mycompany.myapp</code> package to the list
of trusted packages. Note that other packages listed here are enabled by
default as they are necessary for the regular broker work. In case you want to
shortcut this mechanism, you can allow all packages to be trusted by using
<code>*</code> wildcard, like</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
<pre class="brush: java; gutter: false; theme: Default"
style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=*</pre>
