activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r998618 - in /websites/production/activemq/content: cache/main.pageCache objectmessage.html
Date Fri, 30 Sep 2016 13:22:38 GMT
Author: buildbot
Date: Fri Sep 30 13:22:38 2016
New Revision: 998618

Log:
Production update by buildbot for activemq

Modified:
    websites/production/activemq/content/cache/main.pageCache
    websites/production/activemq/content/objectmessage.html

Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/activemq/content/objectmessage.html
==============================================================================
--- websites/production/activemq/content/objectmessage.html (original)
+++ websites/production/activemq/content/objectmessage.html Fri Sep 30 13:22:38 2016
@@ -81,7 +81,7 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><p>Although ObjectMessage usage is generally
discouraged, as it introduces coupling of class paths between producers and consumers, ActiveMQ
supports them as part of the JMS specification.</p><h2 id="ObjectMessage-Security">Security</h2><p>ObjectMessage
objects depend on Java serialization of marshal/unmarshal object payload. This process is
generally considered unsafe as malicious payload can exploit the host system. That's why starting
with versions <strong>5.12.2</strong> and&#160;<strong>5.13.0</strong>,
ActiveMQ enforces users to explicitly whitelist packages that can be exchanged using ObjectMessages.</p><p>If
you need to exchange object messages, you need to add packages your applications are using.
You can do that with by using&#160;<code>org.apache.activemq.SERIALIZABLE_PACKAGES</code>&#160;system
property of the broker. You can add this system property to <code>ACTIVEMQ_OPTS</code>
variable in <code>${ACTIVEMQ_HOME}/bin/env</code> scri
 pt.</p><p>For example:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<div class="wiki-content maincontent"><p>Although ObjectMessage usage is generally
discouraged, as it introduces coupling of class paths between producers and consumers, ActiveMQ
supports them as part of the JMS specification.</p><h2 id="ObjectMessage-Security">Security</h2><p>ObjectMessage
objects depend on Java serialization of marshal/unmarshal object payload. This process is
generally considered unsafe as malicious payload can exploit the host system. That's why starting
with versions <strong>5.12.2</strong> and&#160;<strong>5.13.0</strong>,
ActiveMQ enforces users to explicitly whitelist packages that can be exchanged using ObjectMessages.</p><p>If
you need to exchange object messages, you need to add packages your applications are using.
You can do that with by using&#160;<code>org.apache.activemq.SERIALIZABLE_PACKAGES</code>&#160;system
property, interpreted by the broker and the activemq client library. You can add this system
property to <code>ACTIVEMQ_OPTS</code> variable 
 in <code>${ACTIVEMQ_HOME}/bin/env</code> script.</p><p>For example:</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp</pre>
 </div></div><p>will add <code>com.mycompany.myapp</code> package
to the list of trusted packages. Note that other packages listed here are enabled by default
as they are necessary for the regular broker work. In case you want to shortcut this mechanism,
you can allow all packages to be trusted by using <code>*</code> wildcard, like</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
 <pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=*</pre>



Mime
View raw message