activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mhemple <mhem...@gmail.com>
Subject Re: Messages dequeued but not consumed
Date Fri, 12 Feb 2016 16:18:15 GMT
ObjectMessage serialization security was the issue.

*
ObjectMessage objects depend on Java serialization of marshal/unmarshal
object payload. This process is generally considered unsafe as malicious
payload can exploit the host system. That's why starting with versions
5.12.2 and 5.13.0, ActiveMQ enforces users to explicitly whitelist packages
that can be exchanged using ObjectMessages.*

I saw this a few days ago and added a white list but it didn't fix the
issue.  I also tried running against AMQ 5.11.3 and it didn't work. 
Apparently they added the security feature to 5.11.3 too.  Anyway, I added
this (-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="*") to the client side
and AMQ vm arguments and now everything is working as it should.

Thanks Tim



--
View this message in context: http://activemq.2283324.n4.nabble.com/Messages-dequeued-but-not-consumed-tp4707380p4707463.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message