Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 385F8200B8F for ; Fri, 30 Sep 2016 15:22:44 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 36F89160AD9; Fri, 30 Sep 2016 13:22:44 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 7CF58160AC4 for ; Fri, 30 Sep 2016 15:22:43 +0200 (CEST) Received: (qmail 37896 invoked by uid 500); 30 Sep 2016 13:22:42 -0000 Mailing-List: contact commits-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list commits@activemq.apache.org Received: (qmail 37883 invoked by uid 99); 30 Sep 2016 13:22:42 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 30 Sep 2016 13:22:42 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 4D13CC6974 for ; Fri, 30 Sep 2016 13:22:42 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -1.199 X-Spam-Level: X-Spam-Status: No, score=-1.199 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-2.999] autolearn=disabled Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 1GhdOe7eF2Vv for ; Fri, 30 Sep 2016 13:22:41 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with ESMTP id F15C55F479 for ; Fri, 30 Sep 2016 13:22:40 +0000 (UTC) Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 0A8F5E017A for ; Fri, 30 Sep 2016 13:22:40 +0000 (UTC) Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id D7E123A031D for ; Fri, 30 Sep 2016 13:22:39 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r998618 - in /websites/production/activemq/content: cache/main.pageCache objectmessage.html Date: Fri, 30 Sep 2016 13:22:38 -0000 To: commits@activemq.apache.org From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20160930132239.D7E123A031D@svn01-us-west.apache.org> archived-at: Fri, 30 Sep 2016 13:22:44 -0000 Author: buildbot Date: Fri Sep 30 13:22:38 2016 New Revision: 998618 Log: Production update by buildbot for activemq Modified: websites/production/activemq/content/cache/main.pageCache websites/production/activemq/content/objectmessage.html Modified: websites/production/activemq/content/cache/main.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/activemq/content/objectmessage.html ============================================================================== --- websites/production/activemq/content/objectmessage.html (original) +++ websites/production/activemq/content/objectmessage.html Fri Sep 30 13:22:38 2016 @@ -81,7 +81,7 @@ -

Although ObjectMessage usage is generally discouraged, as it introduces coupling of class paths between producers and consumers, ActiveMQ supports them as part of the JMS specification.

Security

ObjectMessage objects depend on Java serialization of marshal/unmarshal object payload. This process is generally considered unsafe as malicious payload can exploit the host system. That's why starting with versions 5.12.2 and 5.13.0, ActiveMQ enforces users to explicitly whitelist packages that can be exchanged using ObjectMessages.

If you need to exchange object messages, you need to add packages your applications are using. You can do that with by using org.apache.activemq.SERIALIZABLE_PACKAGES system property of the broker. You can add this system property to ACTIVEMQ_OPTS variable in ${ACTIVEMQ_HOME}/bin/env scri pt.

For example:

+

Although ObjectMessage usage is generally discouraged, as it introduces coupling of class paths between producers and consumers, ActiveMQ supports them as part of the JMS specification.

Security

ObjectMessage objects depend on Java serialization of marshal/unmarshal object payload. This process is generally considered unsafe as malicious payload can exploit the host system. That's why starting with versions 5.12.2 and 5.13.0, ActiveMQ enforces users to explicitly whitelist packages that can be exchanged using ObjectMessages.

If you need to exchange object messages, you need to add packages your applications are using. You can do that with by using org.apache.activemq.SERIALIZABLE_PACKAGES system property, interpreted by the broker and the activemq client library. You can add this system property to ACTIVEMQ_OPTS variable in ${ACTIVEMQ_HOME}/bin/env script.

For example:

-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp

will add com.mycompany.myapp package to the list of trusted packages. Note that other packages listed here are enabled by default as they are necessary for the regular broker work. In case you want to shortcut this mechanism, you can allow all packages to be trusted by using * wildcard, like

-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=*