activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bain <tb...@alumni.duke.edu>
Subject Re: ActiveMQv5.14 ObjectMessage Issues
Date Tue, 12 Sep 2017 06:45:19 GMT
Here is the source of that class in 5.11.1:
http://grepcode.com/file/repo1.maven.org/maven2/org.apache.activemq/activemq-all/5.11.1/org/apache/activemq/util/ClassLoadingAwareObjectInputStream.java?av=f

If you look at line 112 (the one from your stack trace), you can see that
it doesn't log the error message from your original post, whereas the
version of the file that was added in 5.11.3 has that exact log line at
that line number. So despite what you believe, you appear to be using a
version that is 5.11.3 or later.

The good news is that all you should have to do is add the same -D
parameter to your client executable and everything should work fine.

And I assume you know that by trusting *, you're intentionally opening a
security vulnerability in your ActiveMQ broker and clients that could be
used by an attacker to execute exploits against you. That's your
prerogative, of course, but it's not what I'd do if I were you (nor what
I'd want you to do, if I were your employer).

Tim

On Tue, Sep 12, 2017 at 12:32 AM, khandelwalanuj <
anuj.cool.khandelwal@gmail.com> wrote:

> Clients are running on older version : <  5.11.1
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message