[ https://issues.apache.org/jira/browse/AMQNET-835?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Timothy A. Bish moved OPENWIRE-65 to AMQNET-835: ------------------------------------------------ Key: AMQNET-835 (was: OPENWIRE-65) Project: ActiveMQ .Net (was: ActiveMQ OpenWire) > Document deserialization policy > ------------------------------- > > Key: AMQNET-835 > URL: https://issues.apache.org/jira/browse/AMQNET-835 > Project: ActiveMQ .Net > Issue Type: Improvement > Reporter: Arnout Engelen > Priority: Major > > Unrestricted deserialization of untrusted data is dangerous and can lead to > remote code execution attacks. > To be able to safely deserialize untrusted data, the Apache NMS ActiveMQ .Net > client introduced deserialization policy options in version 2.1.0 > ([https://www.mail-archive.com/dev@activemq.apache.org/msg68832.html]). > It would be good to call out in the documentation that if you want to accept > untrusted data, you should use these options. > (I hope this is the correct Jira project to report this to, if not let me > know and I'll re-file it to the correct one :)) -- This message was sent by Atlassian Jira (v8.20.10#820010)