activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brett E. Meyer (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AMQ-6013) Restrict classes that can be serialized in ObjectMessages
Date Mon, 07 Dec 2015 16:46:10 GMT

    [ https://issues.apache.org/jira/browse/AMQ-6013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15045216#comment-15045216
] 

Brett E. Meyer edited comment on AMQ-6013 at 12/7/15 4:45 PM:
--------------------------------------------------------------

Fair enough on the reasoning -- makes sense.  However, I'd definitely agree that this fix
needs to be announced through several channels, since it's a breaking change for many users.

Also consider supporting additional means to set org.apache.activemq.SERIALIZABLE_PACKAGES
(other than a system property), perhaps through a ActiveMQComponent property, etc.

Additionally, provide logging on startup that communicates the restriction and how to customize
it.


was (Author: 3riverdev):
Fair enough on the reasoning -- makes sense.  However, I'd definitely agree that this fix
needs to be announced through several channels, since it's a breaking change for many users.

Also consider supporting additional means to set org.apache.activemq.SERIALIZABLE_PACKAGES
(other than a system property), perhaps through a ActiveMQComponent property, etc.

> Restrict classes that can be serialized in ObjectMessages
> ---------------------------------------------------------
>
>                 Key: AMQ-6013
>                 URL: https://issues.apache.org/jira/browse/AMQ-6013
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.12.0
>            Reporter: Dejan Bosanac
>            Assignee: Dejan Bosanac
>             Fix For: 5.11.3, 5.13.0
>
>
> At some points we do (de)serialization of JMS Object messages inside the broker (HTTP,
Stomp, Web Console, ...). We need to restrict classes that can be serialized in this way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message