Arnout Engelen created OPENWIRE-65:
--------------------------------------

Summary: Document deserialization policy
Key: OPENWIRE-65
URL: https://issues.apache.org/jira/browse/OPENWIRE-65
Project: ActiveMQ OpenWire
Issue Type: Improvement
Reporter: Arnout Engelen

Unrestricted deserialization of untrusted data is dangerous and can lead to remote code execution attacks.

To be able to safely deserialize untrusted data, the Apache NMS ActiveMQ .Net client introduced deserialization policy options in version 2.1.0 ([https://www.mail-archive.com/dev@activemq.apache.org/msg68832.html]).

It would be good to call out in the documentation that if you want to accept untrusted data, you should use these options.

(I hope this is the correct Jira project to report this to, if not let me know and I'll re-file it to the correct one :))

--
This message was sent by Atlassian Jira (v8.20.10#820010)