(hmm.. I had already sent the previous +1, sorry, I thought this was another spin or something).
please make sure you only consider one vote from me.. my bad On Wed, Mar 15, 2023 at 12:19 PM Clebert Suconic <clebert.suco...@gmail.com> wrote: > > +1 > > On Wed, Mar 15, 2023 at 9:42 AM Michael André Pearce > <michaelpea...@apache.org> wrote: > > > > +1 (Binding0 > > > > Best > > Mike > > > > On 2023/03/12 21:21:41 Clebert Suconic wrote: > > > +1 > > > > > > On Sun, Mar 12, 2023 at 6:27 AM Havret <hav...@apache.org> wrote: > > > > > > > Hi all, > > > > > > > > I have put together another release of activemq-nms-amqp. Please review > > > > it > > > > and vote accordingly. > > > > > > > > This release includes an important new feature that allows users to > > > > specify > > > > an allow/deny list of types for binary serialization. This can help > > > > prevent > > > > potential security vulnerabilities. > > > > > > > > The feature is implemented in the same way as in qpid-jms, using a > > > > deserialization policy that controls which types can be trusted for > > > > deserialization from an incoming NMS IObjectMessage containing > > > > serialized > > > > .NET Object content. By default, all types are trusted during > > > > deserialization. However, the default Deserialization Policy object > > > > provides URI options for specifying an allow list and a deny list of > > > > .NET > > > > classes or namespaces. > > > > > > > > The following options are available: > > > > > > > > - nms.deserializationPolicy.allowList: A comma-separated list of > > > > classes/namespaces that are allowed during deserialization, unless they > > > > are > > > > overridden by the deny list. Names in this list are not pattern values; > > > > the > > > > exact class or namespace name must be configured (e.g. > > > > "System.Collections.Queue" or "System.Collections"). Namespace matches > > > > include sub-namespaces. The default is to allow all. > > > > - nms.deserializationPolicy.denyList: A comma-separated list of > > > > classes/namespaces that are rejected during deserialization. Names in > > > > this > > > > list are not pattern values; the exact class or namespace name must be > > > > configured (e.g. "System.Collections.Queue" or "System.Collections"). > > > > Namespace matches include sub-namespaces. The default is to reject none. > > > > > > > > This release contains the following change: > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311201&version=12353001 > > > > > > > > The files can be grabbed from: > > > > > > > > https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/2.1.0-rc1/ > > > > > > > > Regards, > > > > Chris > > > > > > > > Here's mine +1 (binding) > > > > > > > -- > > > Clebert Suconic > > > > > > > -- > Clebert Suconic -- Clebert Suconic
