From commits-return-63547-archive-asf-public=cust-asf.ponee.io@activemq.apache.org  Fri Jun  4 04:15:51 2021
Return-Path: <commits-return-63547-archive-asf-public=cust-asf.ponee.io@activemq.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mxout1-ec2-va.apache.org (mxout1-ec2-va.apache.org [3.227.148.255])
	by mx-eu-01.ponee.io (Postfix) with ESMTPS id 68701180643
	for <archive-asf-public@cust-asf.ponee.io>; Fri,  4 Jun 2021 06:15:51 +0200 (CEST)
Received: from mail.apache.org (mailroute1-lw-us.apache.org [207.244.88.153])
	by mxout1-ec2-va.apache.org (ASF Mail Server at mxout1-ec2-va.apache.org) with SMTP id 95D7D3F194
	for <archive-asf-public@cust-asf.ponee.io>; Fri,  4 Jun 2021 04:15:50 +0000 (UTC)
Received: (qmail 53258 invoked by uid 500); 4 Jun 2021 04:15:49 -0000
Mailing-List: contact commits-help@activemq.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@activemq.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@activemq.apache.org>
List-Post: <mailto:commits@activemq.apache.org>
List-Id: <commits.activemq.apache.org>
Reply-To: dev@activemq.apache.org
Delivered-To: mailing list commits@activemq.apache.org
Received: (qmail 53249 invoked by uid 99); 4 Jun 2021 04:15:49 -0000
Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Jun 2021 04:15:49 +0000
Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33)
	id 47B4681A86; Fri,  4 Jun 2021 04:15:49 +0000 (UTC)
Date: Fri, 04 Jun 2021 04:15:49 +0000
To: "commits@activemq.apache.org" <commits@activemq.apache.org>
Subject: [activemq] branch main updated: AMQ-8117 - Allow java.util arrays
 for deserialization
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-ID: <162278014875.30268.1471118526053073601@gitbox.apache.org>
From: jbonofre@apache.org
X-Git-Host: gitbox.apache.org
X-Git-Repo: activemq
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Oldrev: ac27cc2cda1ac10d01bc87c1f875dcf278a9594f
X-Git-Newrev: 7ca7118a9544fd6b2aac4dd72fd3a6edc3369aca
X-Git-Rev: 7ca7118a9544fd6b2aac4dd72fd3a6edc3369aca
X-Git-NotificationType: ref_changed_plus_diff
X-Git-Multimail-Version: 1.5.dev
Auto-Submitted: auto-generated

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/main by this push:
     new 7ca7118  AMQ-8117 - Allow java.util arrays for deserialization
     new c739984  Merge pull request #667 from coheigea/AMQ-8117
7ca7118 is described below

commit 7ca7118a9544fd6b2aac4dd72fd3a6edc3369aca
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Thu Jun 3 14:42:42 2021 +0100

    AMQ-8117 - Allow java.util arrays for deserialization
---
 .../java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java     | 1 +
 .../src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
index 47d4754..322e1e7 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
@@ -372,6 +372,7 @@ public class SubQueueSelectorCacheBroker extends BrokerFilter implements Runnabl
             if (!(desc.getName().startsWith("java.lang.")
                     || desc.getName().startsWith("com.thoughtworks.xstream")
                     || desc.getName().startsWith("java.util.")
+                    || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
                     || desc.getName().startsWith("org.apache.activemq."))) {
                 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
             }
diff --git a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
index a41c15a..448cb6a 100644
--- a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
+++ b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
@@ -4250,6 +4250,7 @@ public abstract class MessageDatabase extends ServiceSupport implements BrokerSe
             if (!(desc.getName().startsWith("java.lang.")
                     || desc.getName().startsWith("com.thoughtworks.xstream")
                     || desc.getName().startsWith("java.util.")
+                    || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
                     || desc.getName().startsWith("org.apache.activemq."))) {
                 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
             }