[jira] [Commented] (AMQ-8117) VirtualSelectorCacheBrokerPlugin throws false positive exception

Thu, 03 Jun 2021 21:17:05 -0700 


    [ 
https://issues.apache.org/jira/browse/AMQ-8117?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17357050#comment-17357050
 ] 

ASF subversion and git services commented on AMQ-8117:
------------------------------------------------------

Commit f3e90aab446bb1fc88feba64e710d80dcc03dab1 in activemq's branch 
refs/heads/activemq-5.16.x from Colm O hEigeartaigh
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=f3e90aa ]

AMQ-8117 - Allow java.util arrays for deserialization

(cherry picked from commit 7ca7118a9544fd6b2aac4dd72fd3a6edc3369aca)


> VirtualSelectorCacheBrokerPlugin throws false positive exception
> ----------------------------------------------------------------
>
>                 Key: AMQ-8117
>                 URL: https://issues.apache.org/jira/browse/AMQ-8117
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.16.0, 5.15.12, 5.15.13, 5.15.14
>            Reporter: Joost
>            Assignee: Jean-Baptiste Onofré
>            Priority: Blocker
>             Fix For: 5.15.16, 5.16.3
>
>         Attachments: activemq.xml, file.data, 
> image-2021-01-07-09-36-50-044.png
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Dear,
> The VirtualSelectorCacheBrokerPlugin throws an error in the following method:
> {code:java}
> if (!(desc.getName().equals("java.lang.String") || 
> desc.getName().startsWith("java.util."))) {
>  throw new InvalidClassException("Unauthorized deserialization attempt", 
> desc.getName());
>  }
> {code}
> This exception is thrown because there are some lines in the selector cache 
> file that do not match the given "startsWith("java.util.")". The code will 
> throw an exception because of the "[L" prefix in front of some java.util. 
> elements in the file:
> !image-2021-01-07-09-36-50-044.png!
> My activemq.xml and file.data are attached to this ticket.
> The selector cache is working fine if I use ActiveMQ version 5.15.11 or below.
> I have tried to add jdk.serialFilters for the Concurrent Hashmap, like:
> wrapper.java.additional.13=-Djdk.serialFilter=java.util.** (wrapper.conf) and 
> also tried to add this to the java security file, but that did not work.
> I hope this issue can be fixed or if it is not a bug, the documentation can 
> be complemented with some notes on how to configure this filters the right 
> way.
> Best regards,
> Joost



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to