[jira] [Updated] (AMQ-7399) SERIALIZABLE_PACKAGES should be limited by default

Jira Fri, 07 Feb 2020 03:54:48 -0800


     [ 
https://issues.apache.org/jira/browse/AMQ-7399?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jean-Baptiste Onofré updated AMQ-7399:
--------------------------------------
    Description: To avoid potential security issue when using 
{{ObjectMessage}}, {{SERIALIZABLE_PACKAGE}} should be limited by default. Now, 
it contains {{java.lang, ...}}  (was: To avoid potential security issue when 
using {{ObjectMessage}}, {{SERIALIZABLE_PACKAGE}} should be empty by default. 
Now, it contains {{java.lang, ...}})

> SERIALIZABLE_PACKAGES should be limited by default
> --------------------------------------------------
>
>                 Key: AMQ-7399
>                 URL: https://issues.apache.org/jira/browse/AMQ-7399
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.15.10, 5.15.11
>            Reporter: Jean-Baptiste Onofré
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 5.16.0, 5.15.12
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> To avoid potential security issue when using {{ObjectMessage}}, 
> {{SERIALIZABLE_PACKAGE}} should be limited by default. Now, it contains 
> {{java.lang, ...}}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (AMQ-7399) SERIALIZABLE_PACKAGES should be limited by default

Reply via email to