Arnout Engelen created OPENWIRE-65:
--------------------------------------

             Summary: Document deserialization policy
                 Key: OPENWIRE-65
                 URL: https://issues.apache.org/jira/browse/OPENWIRE-65
             Project: ActiveMQ OpenWire
          Issue Type: Improvement
            Reporter: Arnout Engelen


Unrestricted deserialization of untrusted data is dangerous and can lead to 
remote code execution attacks.

To be able to safely deserialize untrusted data, the Apache NMS ActiveMQ .NET 
client introduced deserialization policy options in version 2.1.0 
([https://www.mail-archive.com/dev@activemq.apache.org/msg68832.html]).

It would be good to call out in the documentation that if you want to accept 
untrusted data, you should use these options.

(I hope this is the correct Jira project to report this to, if not let me know 
and I'll re-file it to the correct one :))



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
