activemq-commits mailing list archives

From build...@apache.org
Subject svn commit: r977573 [3/3] - in /websites/production/activemq/content: activemq-5122-release.html activemq-5130-release.html cache/main.pageCache cross-language-clients.html objectmessage.html overview.html
Date Wed, 13 Jan 2016 03:25:54 GMT
Modified: websites/production/activemq/content/objectmessage.html
==============================================================================
--- websites/production/activemq/content/objectmessage.html (original)
+++ websites/production/activemq/content/objectmessage.html Wed Jan 13 03:25:53 2016
@@ -81,11 +81,11 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><p>Although ObjectMessage usage is generally
discouraged, as it introduces coupling of class paths between producers and consumers, ActiveMQ
supports them as part of the JMS specification.</p><h2 id="ObjectMessage-Security">Security</h2><p>ObjectMessage
objects depend on Java serialization of marshal/unmarshal object payload. This process is
generally considered unsafe as malicious payload can exploit the host system. That's why starting
with version <strong>5.13.0</strong>, ActiveMQ enforce users to explicitly whitelist
packages that can be exchanged using ObjectMessages.</p><p>If you need to exchange
object messages, you need to add packages your applications are using. You can do that with
by using&#160;<code>org.apache.activemq.SERIALIZABLE_PACKAGES</code>&#160;system
property of the broker. You can add this system property to <code>ACTIVEMQ_OPTS</code>
variable in <code>${ACTIVEMQ_HOME}/bin/env</code> script.</p><p>For
example:</p><div clas
 s="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<div class="wiki-content maincontent"><p>Although ObjectMessage usage is generally
discouraged, as it introduces coupling of class paths between producers and consumers, ActiveMQ
supports them as part of the JMS specification.</p><h2 id="ObjectMessage-Security">Security</h2><p>ObjectMessage
objects depend on Java serialization of marshal/unmarshal object payload. This process is
generally considered unsafe as malicious payload can exploit the host system. That's why starting
with versions <strong>5.12.2</strong> and&#160;<strong>5.13.0</strong>,
ActiveMQ enforces users to explicitly whitelist packages that can be exchanged using ObjectMessages.</p><p>If
you need to exchange object messages, you need to add packages your applications are using.
You can do that with by using&#160;<code>org.apache.activemq.SERIALIZABLE_PACKAGES</code>&#160;system
property of the broker. You can add this system property to <code>ACTIVEMQ_OPTS</code>
variable in <code>${ACTIVEMQ_HOME}/bin/env</code> scri
 pt.</p><p>For example:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"</pre>
 </div></div><p>will add <code>com.mycompany.myapp</code> package
to the list of trusted packages. Note that other packages listed here are enabled by default
as they are necessary for the regular broker work. In case you want to shortcut this mechanism,
you can allow all packages to be trusted by using <code>*</code> wildcard, like</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="*"</pre>
-</div></div><h3 id="ObjectMessage-Clients">Clients</h3><p>On
the client side, you need to have this same mechanism as malicious code can be deserialized
on <code>ObjectMessage.getObject()</code> call, compromising your application's
environment. You can use the same configuration mechanism on the broker and configure trusted
classes using system properties. However, this is usually not convenient in the client applications,
so in <strong>5.13.1</strong> we introduced additional configuration mechanism
using <code>ActiveMQConnectionFactory</code>. There are two additional methods
defined:</p><ul><li>The <code>setTrustedPackages()</code> method
allows you to set the list of trusted packages you want to be to unserialize, like</li></ul><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><h3 id="ObjectMessage-Clients">Clients</h3><p>On
the client side, you need to have this same mechanism as malicious code can be deserialized
on <code>ObjectMessage.getObject()</code> call, compromising your application's
environment. You can use the same configuration mechanism on the broker and configure trusted
classes using system properties. However, this is usually not convenient in the client applications,
so in <strong>5.12.2</strong> and&#160;<strong>5.13.1</strong>
we introduced additional configuration mechanism using <code>ActiveMQConnectionFactory</code>.
There are two additional methods defined:</p><ul><li>The <code>setTrustedPackages()</code>
method allows you to set the list of trusted packages you want to be to unserialize, like</li></ul><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">ActiveMQConnectionFactory
factory = new ActiveMQConnectionFactory("tcp://localhost:61616");
 factory.setTrustedPackages(new ArrayList(Arrays.asList("org.apache.activemq.test,org.apache.camel.test")));</pre>
 </div></div><ul><li>The&#160;<code>setTrustAllPackages()</code>
allows you to turn off security check and trust all classes. It's useful for testing purposes.</li></ul><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
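Review bot: in the unchanged setTrustedPackages() sample near the end of this hunk, Arrays.asList("org.apache.activemq.test,org.apache.camel.test") receives a single string literal that contains a comma, so the list has one element rather than two package names. Since this page is the reference for configuring the trusted-package list, pass the packages as separate arguments, Arrays.asList("org.apache.activemq.test", "org.apache.camel.test"), and give the raw ArrayList a type parameter. The rewritten Security paragraph also carries over "You can do that with by using" from the old text. It would also help to state next to the * wildcard and setTrustAllPackages() that both switch off the check this section introduces, so the broker example is not read as a recommended setting.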

Modified: websites/production/activemq/content/overview.html
==============================================================================
--- websites/production/activemq/content/overview.html (original)
+++ websites/production/activemq/content/overview.html Wed Jan 13 03:25:53 2016
@@ -72,7 +72,7 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><ul class="childpages-macro"><li><a
shape="rect" href="download.html">Download</a><ul class="childpages-macro"><li><a
shape="rect" href="activemq-11-release.html">ActiveMQ 1.1 Release</a></li><li><a
shape="rect" href="activemq-12-release.html">ActiveMQ 1.2 Release</a></li><li><a
shape="rect" href="activemq-13-release.html">ActiveMQ 1.3 Release</a></li><li><a
shape="rect" href="activemq-14-release.html">ActiveMQ 1.4 Release</a></li><li><a
shape="rect" href="activemq-15-release.html">ActiveMQ 1.5 Release</a></li><li><a
shape="rect" href="activemq-20-release.html">ActiveMQ 2.0 Release</a></li><li><a
shape="rect" href="activemq-21-release.html">ActiveMQ 2.1 Release</a></li><li><a
shape="rect" href="activemq-30-release.html">ActiveMQ 3.0 Release</a></li><li><a
shape="rect" href="activemq-31-release.html">ActiveMQ 3.1 Release</a></li><li><a
shape="rect" href="activemq-321-release.html">ActiveMQ 3.2.1 Release</a></li><li><a
shape="rect" href="activemq-
 322-release.html">ActiveMQ 3.2.2 Release</a></li><li><a shape="rect"
href="activemq-32-release.html">ActiveMQ 3.2 Release</a></li><li><a
shape="rect" href="activemq-401-release.html">ActiveMQ 4.0.1 Release</a></li><li><a
shape="rect" href="activemq-402-release.html">ActiveMQ 4.0.2 Release</a></li><li><a
shape="rect" href="activemq-40-m4-release.html">ActiveMQ 4.0 M4 Release</a></li><li><a
shape="rect" href="activemq-40-rc2-release.html">ActiveMQ 4.0 RC2 Release</a></li><li><a
shape="rect" href="activemq-40-release.html">ActiveMQ 4.0 Release</a></li><li><a
shape="rect" href="activemq-410-release.html">ActiveMQ 4.1.0 Release</a></li><li><a
shape="rect" href="activemq-411-release.html">ActiveMQ 4.1.1 Release</a></li><li><a
shape="rect" href="activemq-412-release.html">ActiveMQ 4.1.2 Release</a></li><li><a
shape="rect" href="activemq-500-release.html">ActiveMQ 5.0.0 Release</a></li><li><a
shape="rect" href="activemq-510-release.html">ActiveMQ 5.1.0 Release</a></li><li><a
shape="rect" hr
 ef="activemq-520-release.html">ActiveMQ 5.2.0 Release</a></li><li><a
shape="rect" href="activemq-530-release.html">ActiveMQ 5.3.0 Release</a></li><li><a
shape="rect" href="activemq-531-release.html">ActiveMQ 5.3.1 Release</a></li><li><a
shape="rect" href="activemq-532-release.html">ActiveMQ 5.3.2 Release</a></li><li><a
shape="rect" href="activemq-540-release.html">ActiveMQ 5.4.0 Release</a></li><li><a
shape="rect" href="activemq-541-release.html">ActiveMQ 5.4.1 Release</a></li><li><a
shape="rect" href="activemq-542-release.html">ActiveMQ 5.4.2 Release</a></li><li><a
shape="rect" href="activemq-543-release.html">ActiveMQ 5.4.3 Release</a></li><li><a
shape="rect" href="activemq-550-release.html">ActiveMQ 5.5.0 Release</a></li><li><a
shape="rect" href="activemq-551-release.html">ActiveMQ 5.5.1 Release</a></li><li><a
shape="rect" href="activemq-560-release.html">ActiveMQ 5.6.0 Release</a></li><li><a
shape="rect" href="activemq-570-release.html">ActiveMQ 5.7.0 Release</a></li><li><a
shap
 e="rect" href="activemq-580-release.html">ActiveMQ 5.8.0 Release</a><ul class="childpages-macro"><li><a
shape="rect" href="58-migration-guide.html">5.8 Migration Guide</a></li></ul></li><li><a
shape="rect" href="activemq-590-release.html">ActiveMQ 5.9.0 Release</a><ul class="childpages-macro"><li><a
shape="rect" href="59-migration-guide.html">5.9 Migration Guide</a></li></ul></li><li><a
shape="rect" href="activemq-591-release.html">ActiveMQ 5.9.1 Release</a></li><li><a
shape="rect" href="activemq-5100-release.html">ActiveMQ 5.10.0 Release</a></li><li><a
shape="rect" href="activemq-5101-release.html">ActiveMQ 5.10.1 Release</a></li><li><a
shape="rect" href="activemq-5102-release.html">ActiveMQ 5.10.2 Release</a></li><li><a
shape="rect" href="activemq-5110-release.html">ActiveMQ 5.11.0 Release</a></li><li><a
shape="rect" href="activemq-5111-release.html">ActiveMQ 5.11.1 Release</a></li><li><a
shape="rect" href="activemq-5112-release.html">ActiveMQ 5.11.2 Release</a></li><li><a
shape="
 rect" href="activemq-5113-release.html">ActiveMQ 5.11.3 Release</a></li><li><a
shape="rect" href="activemq-5120-release.html">ActiveMQ 5.12.0 Release</a></li><li><a
shape="rect" href="activemq-5121-release.html">ActiveMQ 5.12.1 Release</a></li><li><a
shape="rect" href="activemq-5130-release.html">ActiveMQ 5.13.0 Release</a></li><li><a
shape="rect" href="in-progress.html">In Progress</a></li></ul></li><li><a
shape="rect" href="download-archives.html">Download Archives</a></li><li><a
shape="rect" href="javadocs.html">JavaDocs</a></li><li><a shape="rect"
href="news.html">News</a></li></ul> </div>
+<div class="wiki-content maincontent"><ul class="childpages-macro"><li><a
shape="rect" href="download.html">Download</a><ul class="childpages-macro"><li><a
shape="rect" href="activemq-11-release.html">ActiveMQ 1.1 Release</a></li><li><a
shape="rect" href="activemq-12-release.html">ActiveMQ 1.2 Release</a></li><li><a
shape="rect" href="activemq-13-release.html">ActiveMQ 1.3 Release</a></li><li><a
shape="rect" href="activemq-14-release.html">ActiveMQ 1.4 Release</a></li><li><a
shape="rect" href="activemq-15-release.html">ActiveMQ 1.5 Release</a></li><li><a
shape="rect" href="activemq-20-release.html">ActiveMQ 2.0 Release</a></li><li><a
shape="rect" href="activemq-21-release.html">ActiveMQ 2.1 Release</a></li><li><a
shape="rect" href="activemq-30-release.html">ActiveMQ 3.0 Release</a></li><li><a
shape="rect" href="activemq-31-release.html">ActiveMQ 3.1 Release</a></li><li><a
shape="rect" href="activemq-321-release.html">ActiveMQ 3.2.1 Release</a></li><li><a
shape="rect" href="activemq-
 322-release.html">ActiveMQ 3.2.2 Release</a></li><li><a shape="rect"
href="activemq-32-release.html">ActiveMQ 3.2 Release</a></li><li><a
shape="rect" href="activemq-401-release.html">ActiveMQ 4.0.1 Release</a></li><li><a
shape="rect" href="activemq-402-release.html">ActiveMQ 4.0.2 Release</a></li><li><a
shape="rect" href="activemq-40-m4-release.html">ActiveMQ 4.0 M4 Release</a></li><li><a
shape="rect" href="activemq-40-rc2-release.html">ActiveMQ 4.0 RC2 Release</a></li><li><a
shape="rect" href="activemq-40-release.html">ActiveMQ 4.0 Release</a></li><li><a
shape="rect" href="activemq-410-release.html">ActiveMQ 4.1.0 Release</a></li><li><a
shape="rect" href="activemq-411-release.html">ActiveMQ 4.1.1 Release</a></li><li><a
shape="rect" href="activemq-412-release.html">ActiveMQ 4.1.2 Release</a></li><li><a
shape="rect" href="activemq-500-release.html">ActiveMQ 5.0.0 Release</a></li><li><a
shape="rect" href="activemq-510-release.html">ActiveMQ 5.1.0 Release</a></li><li><a
shape="rect" hr
 ef="activemq-520-release.html">ActiveMQ 5.2.0 Release</a></li><li><a
shape="rect" href="activemq-530-release.html">ActiveMQ 5.3.0 Release</a></li><li><a
shape="rect" href="activemq-531-release.html">ActiveMQ 5.3.1 Release</a></li><li><a
shape="rect" href="activemq-532-release.html">ActiveMQ 5.3.2 Release</a></li><li><a
shape="rect" href="activemq-540-release.html">ActiveMQ 5.4.0 Release</a></li><li><a
shape="rect" href="activemq-541-release.html">ActiveMQ 5.4.1 Release</a></li><li><a
shape="rect" href="activemq-542-release.html">ActiveMQ 5.4.2 Release</a></li><li><a
shape="rect" href="activemq-543-release.html">ActiveMQ 5.4.3 Release</a></li><li><a
shape="rect" href="activemq-550-release.html">ActiveMQ 5.5.0 Release</a></li><li><a
shape="rect" href="activemq-551-release.html">ActiveMQ 5.5.1 Release</a></li><li><a
shape="rect" href="activemq-560-release.html">ActiveMQ 5.6.0 Release</a></li><li><a
shape="rect" href="activemq-570-release.html">ActiveMQ 5.7.0 Release</a></li><li><a
shap
 e="rect" href="activemq-580-release.html">ActiveMQ 5.8.0 Release</a><ul class="childpages-macro"><li><a
shape="rect" href="58-migration-guide.html">5.8 Migration Guide</a></li></ul></li><li><a
shape="rect" href="activemq-590-release.html">ActiveMQ 5.9.0 Release</a><ul class="childpages-macro"><li><a
shape="rect" href="59-migration-guide.html">5.9 Migration Guide</a></li></ul></li><li><a
shape="rect" href="activemq-591-release.html">ActiveMQ 5.9.1 Release</a></li><li><a
shape="rect" href="activemq-5100-release.html">ActiveMQ 5.10.0 Release</a></li><li><a
shape="rect" href="activemq-5101-release.html">ActiveMQ 5.10.1 Release</a></li><li><a
shape="rect" href="activemq-5102-release.html">ActiveMQ 5.10.2 Release</a></li><li><a
shape="rect" href="activemq-5110-release.html">ActiveMQ 5.11.0 Release</a></li><li><a
shape="rect" href="activemq-5111-release.html">ActiveMQ 5.11.1 Release</a></li><li><a
shape="rect" href="activemq-5112-release.html">ActiveMQ 5.11.2 Release</a></li><li><a
shape="
 rect" href="activemq-5113-release.html">ActiveMQ 5.11.3 Release</a></li><li><a
shape="rect" href="activemq-5120-release.html">ActiveMQ 5.12.0 Release</a></li><li><a
shape="rect" href="activemq-5121-release.html">ActiveMQ 5.12.1 Release</a></li><li><a
shape="rect" href="activemq-5122-release.html">ActiveMQ 5.12.2 Release</a></li><li><a
shape="rect" href="activemq-5130-release.html">ActiveMQ 5.13.0 Release</a></li><li><a
shape="rect" href="in-progress.html">In Progress</a></li></ul></li><li><a
shape="rect" href="download-archives.html">Download Archives</a></li><li><a
shape="rect" href="javadocs.html">JavaDocs</a></li><li><a shape="rect"
href="news.html">News</a></li></ul> </div>
         </td>
         <td valign="top">
           <div class="navigation">
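Review bot: the only content change in this hunk is the new activemq-5122-release.html entry between 5.12.1 and 5.13.0, but because the whole child-pages list is emitted as one wrapped line, the diff replaces the entire list and the addition has to be found by eye. If the export can emit one <li> per line, a new release would show up as a single added line. Separately, objectmessage.html in this same commit now refers to 5.13.1, which has no entry in this list; worth confirming that is intended until that release page exists.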


