Hi, Currently ActiveMQ broker is using ActiveMQ v5.14 while clients are still running on v5.11. In the client migration process, we are facing below problem with ObjectMessages:
The cases when producer is migrated to 5.14 but consumer is still using the older version(5.11) are failing and throwing the security exception provided below. Details about the failure : [Upgraded ]Broker is running with v5.14 with -Dorg.apache.activemq.SERIALIZABLE_PACKAGES=* [Upgraded ]producer running with v5.14 [Not Upgraded]consumer running with v5.11 and does not specified any trusted package property. Can someone check why this case is not working as ActiveMQ is supposed to decouple producer and consumers but here migration is stuck unless both producer and consumers are migrated to the same version at the same time. Caused by: java.lang.ClassNotFoundException: Forbidden class producer.test.SampleObjectMessage! This class is not trusted to be serialized as ObjectMessage payload. Please take a look at http://activemq.apache.org/objectmessage.html for more information on how to configure trusted classes. at org.apache.activemq.util.ClassLoadingAwareObjectInputStream.checkSecurity(ClassLoadingAwareObjectInputStream.java:112) at org.apache.activemq.util.ClassLoadingAwareObjectInputStream.resolveClass(ClassLoadingAwareObjectInputStream.java:57) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1613) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1518) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1774) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1351) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:371) at org.apache.activemq.command.ActiveMQObjectMessage.getObject(ActiveMQObjectMessage.java:206) -- Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
