activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mhemple <>
Subject Object Message Deserialization Security White List Wildcards
Date Sun, 21 Feb 2016 01:23:28 GMT

I'm using ActiveMQ as my jms broker for a webapp.  I am currently using the
vm argument -Dorg.apache.activemq.SERIALIZABLE_PACKAGES="*" so that Spring
integration can deserialize my object messages
(  I know this is a security
vulnerability and I'd like to use a white list, but I'm having issues
getting it to work correctly.  What I'd like to do is use wild cards to
white list every spring integration class... something like this
but this doesn't seem to work.  Do I have to list each package individually?


View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message