[ https://issues.apache.org/jira/browse/AMQ-6013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15045216#comment-15045216 ]
Brett E. Meyer commented on AMQ-6013: ------------------------------------- Fair enough on the reasoning -- makes sense. However, I'd definitely agree that this fix needs to be announced through several channels, since it's a breaking change for many users. Also consider supporting additional means to set org.apache.activemq.SERIALIZABLE_PACKAGES (other than a system property), perhaps through a ActiveMQComponent property, etc. > Restrict classes that can be serialized in ObjectMessages > --------------------------------------------------------- > > Key: AMQ-6013 > URL: https://issues.apache.org/jira/browse/AMQ-6013 > Project: ActiveMQ > Issue Type: Bug > Affects Versions: 5.12.0 > Reporter: Dejan Bosanac > Assignee: Dejan Bosanac > Fix For: 5.11.3, 5.13.0 > > > At some points we do (de)serialization of JMS Object messages inside the > broker (HTTP, Stomp, Web Console, ...). We need to restrict classes that can > be serialized in this way. -- This message was sent by Atlassian JIRA (v6.3.4#6332)