And the takeaway from that thread is that ActiveMQ 5.13.0 is already secure, even with the vulnerable version of commons-collections, unless you explicitly configure it to allow deserialization of the problematic classes.
Versions prior to 5.13.0, however, are vulnerable. Tim On Dec 9, 2015 10:39 AM, "jahlborn" <jahlb...@gmail.com> wrote: > Duplicate of this thread: > > http://activemq.2283324.n4.nabble.com/Java-December-vulnerability-tp4704610.html > > > > > -- > View this message in context: > http://activemq.2283324.n4.nabble.com/ActiveMQ-and-commons-collection-security-vulnerabilty-tp4704819p4704820.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com. >
