[
https://issues.apache.org/jira/browse/AMQ-6013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15045216#comment-15045216
]
Brett E. Meyer edited comment on AMQ-6013 at 12/7/15 4:45 PM:
--------------------------------------------------------------
Fair enough on the reasoning -- makes sense. However, I'd definitely agree
that this fix needs to be announced through several channels, since it's a
breaking change for many users.
Also consider supporting additional means to set
org.apache.activemq.SERIALIZABLE_PACKAGES (other than a system property),
perhaps through an ActiveMQComponent property, etc.
Additionally, provide logging on startup that communicates the restriction and
how to customize it.
was (Author: 3riverdev):
Fair enough on the reasoning -- makes sense. However, I'd definitely agree
that this fix needs to be announced through several channels, since it's a
breaking change for many users.
Also consider supporting additional means to set
org.apache.activemq.SERIALIZABLE_PACKAGES (other than a system property),
perhaps through an ActiveMQComponent property, etc.
> Restrict classes that can be serialized in ObjectMessages
> ---------------------------------------------------------
>
> Key: AMQ-6013
> URL: https://issues.apache.org/jira/browse/AMQ-6013
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.12.0
> Reporter: Dejan Bosanac
> Assignee: Dejan Bosanac
> Fix For: 5.11.3, 5.13.0
>
>
> At some points we do (de)serialization of JMS Object messages inside the
> broker (HTTP, Stomp, Web Console, ...). We need to restrict classes that can
> be serialized in this way.
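The restriction discussed in this issue, sketched as an added example that is not part of the JIRA thread and not ActiveMQ's own code: an `ObjectInputStream` that resolves only classes from packages listed in the `org.apache.activemq.SERIALIZABLE_PACKAGES` system property and logs the active restriction when it is created, as the comment suggests. The class name, the default package list and the subpackage matching rule are assumptions of this example.

```java
import java.io.*;
import java.util.*;

public class AllowlistObjectInputStream extends ObjectInputStream {
    // Property name as given in the comment above.
    static final String PROP = "org.apache.activemq.SERIALIZABLE_PACKAGES";
    private final List<String> allowed;

    public AllowlistObjectInputStream(InputStream in) throws IOException {
        super(in);
        // Assumption: comma-separated package names; this default list is hypothetical.
        allowed = Arrays.asList(System.getProperty(PROP, "java.lang,java.util").trim().split("\\s*,\\s*"));
        // Tell the operator what is enforced and how to change it.
        System.err.println("Object deserialization restricted to " + allowed
                + "; override with -D" + PROP + "=<comma-separated packages>");
    }

    @Override
    protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
        String name = desc.getName();
        boolean array = name.startsWith("[");
        while (name.startsWith("[")) name = name.substring(1);             // check the element type of arrays
        if (array && name.length() == 1) return super.resolveClass(desc);  // primitive array such as "[I"
        if (array) name = name.substring(1, name.length() - 1);            // "Lpkg.Cls;" -> "pkg.Cls"
        for (String pkg : allowed) {
            // Assumption: a listed package also covers its subpackages.
            if (name.startsWith(pkg + ".")) return super.resolveClass(desc);
        }
        // Fail closed before the class is loaded or any of its readObject logic runs.
        throw new InvalidClassException(name, "package not listed in " + PROP);
    }

    // Serialize a value and read it back through the filtering stream.
    static Object roundTrip(Serializable value) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(value); }
        try (ObjectInputStream in = new AllowlistObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one payload inside the default list, one outside it.
        System.out.println(roundTrip(new ArrayList<Object>(Arrays.asList("a", 1))));
        try {
            roundTrip(new File("constructed-sample"));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the check runs in `resolveClass`, every class descriptor in the stream, including superclasses and nested objects, is tested against the list, not just the top-level object.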