Modified: websites/production/activemq/content/objectmessage.html
==============================================================================
--- websites/production/activemq/content/objectmessage.html (original)
+++ websites/production/activemq/content/objectmessage.html Wed Jan 13 03:25:53 
2016
@@ -81,11 +81,11 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><p>Although ObjectMessage usage is 
generally discouraged, as it introduces coupling of class paths between 
producers and consumers, ActiveMQ supports them as part of the JMS 
specification.</p><h2 id="ObjectMessage-Security">Security</h2><p>ObjectMessage 
objects depend on Java serialization of marshal/unmarshal object payload. This 
process is generally considered unsafe as malicious payload can exploit the 
host system. That's why starting with version <strong>5.13.0</strong>, ActiveMQ 
enforce users to explicitly whitelist packages that can be exchanged using 
ObjectMessages.</p><p>If you need to exchange object messages, you need to add 
packages your applications are using. You can do that with by 
using&#160;<code>org.apache.activemq.SERIALIZABLE_PACKAGES</code>&#160;system 
property of the broker. You can add this system property to 
<code>ACTIVEMQ_OPTS</code> variable in <code>${ACTIVEMQ_HOME}/bin/env</code> 
script.</p><p>For example:</p><div clas
 s="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+<div class="wiki-content maincontent"><p>Although ObjectMessage usage is 
generally discouraged, as it introduces coupling of class paths between 
producers and consumers, ActiveMQ supports them as part of the JMS 
specification.</p><h2 id="ObjectMessage-Security">Security</h2><p>ObjectMessage 
objects depend on Java serialization of marshal/unmarshal object payload. This 
process is generally considered unsafe as malicious payload can exploit the 
host system. That's why starting with versions <strong>5.12.2</strong> 
and&#160;<strong>5.13.0</strong>, ActiveMQ enforces users to explicitly 
whitelist packages that can be exchanged using ObjectMessages.</p><p>If you 
need to exchange object messages, you need to add packages your applications 
are using. You can do that with by 
using&#160;<code>org.apache.activemq.SERIALIZABLE_PACKAGES</code>&#160;system 
property of the broker. You can add this system property to 
<code>ACTIVEMQ_OPTS</code> variable in <code>${ACTIVEMQ_HOME}/bin/env</code> 
scri
 pt.</p><p>For example:</p><div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="java.lang,java.util,org.apache.activemq,org.fusesource.hawtbuf,com.thoughtworks.xstream.mapper,com.mycompany.myapp"</pre>
 </div></div><p>will add <code>com.mycompany.myapp</code> package to the list 
of trusted packages. Note that other packages listed here are enabled by 
default as they are necessary for the regular broker work. In case you want to 
shortcut this mechanism, you can allow all packages to be trusted by using 
<code>*</code> wildcard, like</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">-Dorg.apache.activemq.SERIALIZABLE_PACKAGES="*"</pre>
-</div></div><h3 id="ObjectMessage-Clients">Clients</h3><p>On the client side, 
you need to have this same mechanism as malicious code can be deserialized on 
<code>ObjectMessage.getObject()</code> call, compromising your application's 
environment. You can use the same configuration mechanism on the broker and 
configure trusted classes using system properties. However, this is usually not 
convenient in the client applications, so in <strong>5.13.1</strong> we 
introduced additional configuration mechanism using 
<code>ActiveMQConnectionFactory</code>. There are two additional methods 
defined:</p><ul><li>The <code>setTrustedPackages()</code> method allows you to 
set the list of trusted packages you want to be to unserialize, 
like</li></ul><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
+</div></div><h3 id="ObjectMessage-Clients">Clients</h3><p>On the client side, 
you need to have this same mechanism as malicious code can be deserialized on 
<code>ObjectMessage.getObject()</code> call, compromising your application's 
environment. You can use the same configuration mechanism on the broker and 
configure trusted classes using system properties. However, this is usually not 
convenient in the client applications, so in <strong>5.12.2</strong> 
and&#160;<strong>5.13.1</strong> we introduced additional configuration 
mechanism using <code>ActiveMQConnectionFactory</code>. There are two 
additional methods defined:</p><ul><li>The <code>setTrustedPackages()</code> 
method allows you to set the list of trusted packages you want to be to 
unserialize, like</li></ul><div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
 <pre class="brush: java; gutter: false; theme: Default" 
style="font-size:12px;">ActiveMQConnectionFactory factory = new 
ActiveMQConnectionFactory("tcp://localhost:61616");
 factory.setTrustedPackages(new 
ArrayList(Arrays.asList("org.apache.activemq.test,org.apache.camel.test")));</pre>
 </div></div><ul><li>The&#160;<code>setTrustAllPackages()</code> allows you to 
turn off security check and trust all classes. It's useful for testing 
purposes.</li></ul><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
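Review bot: The `setTrustedPackages()` example in the unchanged context near the end of this hunk passes one comma-joined string, `Arrays.asList("org.apache.activemq.test,org.apache.camel.test")`, so the list holds a single element rather than two package names, unless the factory splits entries on commas itself, which the page does not say. It also uses a raw `ArrayList`. Readers will copy this as their allow-list, so consider `Arrays.asList("org.apache.activemq.test", "org.apache.camel.test")` wrapped in `new ArrayList<String>(...)`. The rewritten paragraphs also carry over "You can do that with by using" and "you want to be to unserialize", which are worth fixing while the text is being touched. Finally, the broker paragraph now reads 5.12.2 and 5.13.0 while the client paragraph reads 5.12.2 and 5.13.1; please confirm that difference is intended.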

Modified: websites/production/activemq/content/overview.html
==============================================================================
--- websites/production/activemq/content/overview.html (original)
+++ websites/production/activemq/content/overview.html Wed Jan 13 03:25:53 2016
@@ -72,7 +72,7 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><ul class="childpages-macro"><li><a 
shape="rect" href="download.html">Download</a><ul 
class="childpages-macro"><li><a shape="rect" 
href="activemq-11-release.html">ActiveMQ 1.1 Release</a></li><li><a 
shape="rect" href="activemq-12-release.html">ActiveMQ 1.2 
Release</a></li><li><a shape="rect" href="activemq-13-release.html">ActiveMQ 
1.3 Release</a></li><li><a shape="rect" 
href="activemq-14-release.html">ActiveMQ 1.4 Release</a></li><li><a 
shape="rect" href="activemq-15-release.html">ActiveMQ 1.5 
Release</a></li><li><a shape="rect" href="activemq-20-release.html">ActiveMQ 
2.0 Release</a></li><li><a shape="rect" 
href="activemq-21-release.html">ActiveMQ 2.1 Release</a></li><li><a 
shape="rect" href="activemq-30-release.html">ActiveMQ 3.0 
Release</a></li><li><a shape="rect" href="activemq-31-release.html">ActiveMQ 
3.1 Release</a></li><li><a shape="rect" 
href="activemq-321-release.html">ActiveMQ 3.2.1 Release</a></li><li><a 
shape="rect" href="activemq-
 322-release.html">ActiveMQ 3.2.2 Release</a></li><li><a shape="rect" 
href="activemq-32-release.html">ActiveMQ 3.2 Release</a></li><li><a 
shape="rect" href="activemq-401-release.html">ActiveMQ 4.0.1 
Release</a></li><li><a shape="rect" href="activemq-402-release.html">ActiveMQ 
4.0.2 Release</a></li><li><a shape="rect" 
href="activemq-40-m4-release.html">ActiveMQ 4.0 M4 Release</a></li><li><a 
shape="rect" href="activemq-40-rc2-release.html">ActiveMQ 4.0 RC2 
Release</a></li><li><a shape="rect" href="activemq-40-release.html">ActiveMQ 
4.0 Release</a></li><li><a shape="rect" 
href="activemq-410-release.html">ActiveMQ 4.1.0 Release</a></li><li><a 
shape="rect" href="activemq-411-release.html">ActiveMQ 4.1.1 
Release</a></li><li><a shape="rect" href="activemq-412-release.html">ActiveMQ 
4.1.2 Release</a></li><li><a shape="rect" 
href="activemq-500-release.html">ActiveMQ 5.0.0 Release</a></li><li><a 
shape="rect" href="activemq-510-release.html">ActiveMQ 5.1.0 
Release</a></li><li><a shape="rect" hr
 ef="activemq-520-release.html">ActiveMQ 5.2.0 Release</a></li><li><a 
shape="rect" href="activemq-530-release.html">ActiveMQ 5.3.0 
Release</a></li><li><a shape="rect" href="activemq-531-release.html">ActiveMQ 
5.3.1 Release</a></li><li><a shape="rect" 
href="activemq-532-release.html">ActiveMQ 5.3.2 Release</a></li><li><a 
shape="rect" href="activemq-540-release.html">ActiveMQ 5.4.0 
Release</a></li><li><a shape="rect" href="activemq-541-release.html">ActiveMQ 
5.4.1 Release</a></li><li><a shape="rect" 
href="activemq-542-release.html">ActiveMQ 5.4.2 Release</a></li><li><a 
shape="rect" href="activemq-543-release.html">ActiveMQ 5.4.3 
Release</a></li><li><a shape="rect" href="activemq-550-release.html">ActiveMQ 
5.5.0 Release</a></li><li><a shape="rect" 
href="activemq-551-release.html">ActiveMQ 5.5.1 Release</a></li><li><a 
shape="rect" href="activemq-560-release.html">ActiveMQ 5.6.0 
Release</a></li><li><a shape="rect" href="activemq-570-release.html">ActiveMQ 
5.7.0 Release</a></li><li><a shap
 e="rect" href="activemq-580-release.html">ActiveMQ 5.8.0 Release</a><ul 
class="childpages-macro"><li><a shape="rect" href="58-migration-guide.html">5.8 
Migration Guide</a></li></ul></li><li><a shape="rect" 
href="activemq-590-release.html">ActiveMQ 5.9.0 Release</a><ul 
class="childpages-macro"><li><a shape="rect" href="59-migration-guide.html">5.9 
Migration Guide</a></li></ul></li><li><a shape="rect" 
href="activemq-591-release.html">ActiveMQ 5.9.1 Release</a></li><li><a 
shape="rect" href="activemq-5100-release.html">ActiveMQ 5.10.0 
Release</a></li><li><a shape="rect" href="activemq-5101-release.html">ActiveMQ 
5.10.1 Release</a></li><li><a shape="rect" 
href="activemq-5102-release.html">ActiveMQ 5.10.2 Release</a></li><li><a 
shape="rect" href="activemq-5110-release.html">ActiveMQ 5.11.0 
Release</a></li><li><a shape="rect" href="activemq-5111-release.html">ActiveMQ 
5.11.1 Release</a></li><li><a shape="rect" 
href="activemq-5112-release.html">ActiveMQ 5.11.2 Release</a></li><li><a shape="
 rect" href="activemq-5113-release.html">ActiveMQ 5.11.3 Release</a></li><li><a 
shape="rect" href="activemq-5120-release.html">ActiveMQ 5.12.0 
Release</a></li><li><a shape="rect" href="activemq-5121-release.html">ActiveMQ 
5.12.1 Release</a></li><li><a shape="rect" 
href="activemq-5130-release.html">ActiveMQ 5.13.0 Release</a></li><li><a 
shape="rect" href="in-progress.html">In Progress</a></li></ul></li><li><a 
shape="rect" href="download-archives.html">Download Archives</a></li><li><a 
shape="rect" href="javadocs.html">JavaDocs</a></li><li><a shape="rect" 
href="news.html">News</a></li></ul> </div>
+<div class="wiki-content maincontent"><ul class="childpages-macro"><li><a 
shape="rect" href="download.html">Download</a><ul 
class="childpages-macro"><li><a shape="rect" 
href="activemq-11-release.html">ActiveMQ 1.1 Release</a></li><li><a 
shape="rect" href="activemq-12-release.html">ActiveMQ 1.2 
Release</a></li><li><a shape="rect" href="activemq-13-release.html">ActiveMQ 
1.3 Release</a></li><li><a shape="rect" 
href="activemq-14-release.html">ActiveMQ 1.4 Release</a></li><li><a 
shape="rect" href="activemq-15-release.html">ActiveMQ 1.5 
Release</a></li><li><a shape="rect" href="activemq-20-release.html">ActiveMQ 
2.0 Release</a></li><li><a shape="rect" 
href="activemq-21-release.html">ActiveMQ 2.1 Release</a></li><li><a 
shape="rect" href="activemq-30-release.html">ActiveMQ 3.0 
Release</a></li><li><a shape="rect" href="activemq-31-release.html">ActiveMQ 
3.1 Release</a></li><li><a shape="rect" 
href="activemq-321-release.html">ActiveMQ 3.2.1 Release</a></li><li><a 
shape="rect" href="activemq-
 322-release.html">ActiveMQ 3.2.2 Release</a></li><li><a shape="rect" 
href="activemq-32-release.html">ActiveMQ 3.2 Release</a></li><li><a 
shape="rect" href="activemq-401-release.html">ActiveMQ 4.0.1 
Release</a></li><li><a shape="rect" href="activemq-402-release.html">ActiveMQ 
4.0.2 Release</a></li><li><a shape="rect" 
href="activemq-40-m4-release.html">ActiveMQ 4.0 M4 Release</a></li><li><a 
shape="rect" href="activemq-40-rc2-release.html">ActiveMQ 4.0 RC2 
Release</a></li><li><a shape="rect" href="activemq-40-release.html">ActiveMQ 
4.0 Release</a></li><li><a shape="rect" 
href="activemq-410-release.html">ActiveMQ 4.1.0 Release</a></li><li><a 
shape="rect" href="activemq-411-release.html">ActiveMQ 4.1.1 
Release</a></li><li><a shape="rect" href="activemq-412-release.html">ActiveMQ 
4.1.2 Release</a></li><li><a shape="rect" 
href="activemq-500-release.html">ActiveMQ 5.0.0 Release</a></li><li><a 
shape="rect" href="activemq-510-release.html">ActiveMQ 5.1.0 
Release</a></li><li><a shape="rect" hr
 ef="activemq-520-release.html">ActiveMQ 5.2.0 Release</a></li><li><a 
shape="rect" href="activemq-530-release.html">ActiveMQ 5.3.0 
Release</a></li><li><a shape="rect" href="activemq-531-release.html">ActiveMQ 
5.3.1 Release</a></li><li><a shape="rect" 
href="activemq-532-release.html">ActiveMQ 5.3.2 Release</a></li><li><a 
shape="rect" href="activemq-540-release.html">ActiveMQ 5.4.0 
Release</a></li><li><a shape="rect" href="activemq-541-release.html">ActiveMQ 
5.4.1 Release</a></li><li><a shape="rect" 
href="activemq-542-release.html">ActiveMQ 5.4.2 Release</a></li><li><a 
shape="rect" href="activemq-543-release.html">ActiveMQ 5.4.3 
Release</a></li><li><a shape="rect" href="activemq-550-release.html">ActiveMQ 
5.5.0 Release</a></li><li><a shape="rect" 
href="activemq-551-release.html">ActiveMQ 5.5.1 Release</a></li><li><a 
shape="rect" href="activemq-560-release.html">ActiveMQ 5.6.0 
Release</a></li><li><a shape="rect" href="activemq-570-release.html">ActiveMQ 
5.7.0 Release</a></li><li><a shap
 e="rect" href="activemq-580-release.html">ActiveMQ 5.8.0 Release</a><ul 
class="childpages-macro"><li><a shape="rect" href="58-migration-guide.html">5.8 
Migration Guide</a></li></ul></li><li><a shape="rect" 
href="activemq-590-release.html">ActiveMQ 5.9.0 Release</a><ul 
class="childpages-macro"><li><a shape="rect" href="59-migration-guide.html">5.9 
Migration Guide</a></li></ul></li><li><a shape="rect" 
href="activemq-591-release.html">ActiveMQ 5.9.1 Release</a></li><li><a 
shape="rect" href="activemq-5100-release.html">ActiveMQ 5.10.0 
Release</a></li><li><a shape="rect" href="activemq-5101-release.html">ActiveMQ 
5.10.1 Release</a></li><li><a shape="rect" 
href="activemq-5102-release.html">ActiveMQ 5.10.2 Release</a></li><li><a 
shape="rect" href="activemq-5110-release.html">ActiveMQ 5.11.0 
Release</a></li><li><a shape="rect" href="activemq-5111-release.html">ActiveMQ 
5.11.1 Release</a></li><li><a shape="rect" 
href="activemq-5112-release.html">ActiveMQ 5.11.2 Release</a></li><li><a shape="
 rect" href="activemq-5113-release.html">ActiveMQ 5.11.3 Release</a></li><li><a 
shape="rect" href="activemq-5120-release.html">ActiveMQ 5.12.0 
Release</a></li><li><a shape="rect" href="activemq-5121-release.html">ActiveMQ 
5.12.1 Release</a></li><li><a shape="rect" 
href="activemq-5122-release.html">ActiveMQ 5.12.2 Release</a></li><li><a 
shape="rect" href="activemq-5130-release.html">ActiveMQ 5.13.0 
Release</a></li><li><a shape="rect" href="in-progress.html">In 
Progress</a></li></ul></li><li><a shape="rect" 
href="download-archives.html">Download Archives</a></li><li><a shape="rect" 
href="javadocs.html">JavaDocs</a></li><li><a shape="rect" 
href="news.html">News</a></li></ul> </div>
         </td>
         <td valign="top">
           <div class="navigation">
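Review bot: The regenerated release list still has no 5.13.1 entry between 5.13.0 and "In Progress", although objectmessage.html in this same commit tells client users that the `ActiveMQConnectionFactory` methods arrived in 5.13.1. The only change in this hunk is the added `activemq-5122-release.html` link. If 5.13.1 is not released yet, say so on the ObjectMessage page, or add the release link here once it is.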

