activemq-commits mailing list archives

From jbono...@apache.org
Subject [activemq] branch activemq-5.16.x updated: AMQ-8117 - Allow java.util arrays for deserialization
Date Fri, 04 Jun 2021 04:16:28 GMT
This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch activemq-5.16.x
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/activemq-5.16.x by this push:
     new f3e90aa  AMQ-8117 - Allow java.util arrays for deserialization
f3e90aa is described below

commit f3e90aab446bb1fc88feba64e710d80dcc03dab1
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Thu Jun 3 14:42:42 2021 +0100

    AMQ-8117 - Allow java.util arrays for deserialization
    
    (cherry picked from commit 7ca7118a9544fd6b2aac4dd72fd3a6edc3369aca)
---
 .../java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java     | 1 +
 .../src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
index 47d4754..322e1e7 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
@@ -372,6 +372,7 @@ public class SubQueueSelectorCacheBroker extends BrokerFilter implements
Runnabl
             if (!(desc.getName().startsWith("java.lang.")
                     || desc.getName().startsWith("com.thoughtworks.xstream")
                     || desc.getName().startsWith("java.util.")
+                    || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.")
// Allow arrays
                     || desc.getName().startsWith("org.apache.activemq."))) {
                 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
             }
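Review bot: The added clause `desc.getName().substring(2).startsWith("java.util.")` discards the first two characters without checking that they are the array-descriptor prefix `[L`, so the allow-list now also accepts any class name that merely has `java.util.` at offset 2, which is wider than the "Allow arrays" comment intends. Matching the descriptor explicitly keeps the filter exact and makes the length guard unnecessary: `|| desc.getName().startsWith("[Ljava.util.") // Allow one-dimensional java.util arrays`. Nested arrays (names beginning `[[L`) are rejected with either form, so if the stored data can contain them the leading `[` run should be stripped before the prefix checks; whether it can is not visible from this hunk. The identical line in the MessageDatabase.java hunk needs the same change, and in both files the enclosing method begins outside the hunk.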
diff --git a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
index 886695b..020ea1e 100644
--- a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
+++ b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
@@ -4250,6 +4250,7 @@ public abstract class MessageDatabase extends ServiceSupport implements
BrokerSe
             if (!(desc.getName().startsWith("java.lang.")
                     || desc.getName().startsWith("com.thoughtworks.xstream")
                     || desc.getName().startsWith("java.util.")
+                    || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.")
// Allow arrays
                     || desc.getName().startsWith("org.apache.activemq."))) {
                 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
             }
