[
https://issues.apache.org/jira/browse/AMQ-6077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15056500#comment-15056500
]
ASF subversion and git services commented on AMQ-6077:
------------------------------------------------------
Commit 7a262b74dbdec043bae4f0aa01a4fd3a6e10243d in activemq's branch
refs/heads/activemq-5.12.x from [~dejanb]
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=7a262b7 ]
https://issues.apache.org/jira/browse/AMQ-6077 - define object message trusted
packages on connection factory
(cherry picked from commit 94446e53dc348b9109dff46e92484ed9e6cc1d72)
(cherry picked from commit 5e02e305ea39314589329643c164be62d5b35592)
> Better configuration of restricted classes for clients
> ------------------------------------------------------
>
> Key: AMQ-6077
> URL: https://issues.apache.org/jira/browse/AMQ-6077
> Project: ActiveMQ
> Issue Type: Improvement
> Affects Versions: 5.13.0
> Reporter: Dejan Bosanac
> Assignee: Dejan Bosanac
> Fix For: 5.12.2, 5.13.1, 5.14.0
>
>
> [AMQ-6013] introduces the checks on the classes that are allowed to be
> serialized through ObjectMessages. The original implementation was designed
> to protect the broker, so system property configuration was the easiest
> solution.
> This change affect the clients that uses ObjectMessages.getObject() method.
> We need to provide a better way of configuring this for clients. My initial
> idea is that we should provide a configuration on ActiveMQConnectionFactory
> and ActiveMQComponent classes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
