[AMQ-8348] Fix XmlMessageRenderer has the risk of XStream deserialization
diff --git a/activemq-web/src/main/java/org/apache/activemq/web/view/XmlMessageRenderer.java b/activemq-web/src/main/java/org/apache/activemq/web/view/XmlMessageRenderer.java
index 10caf9b..bfa0a06 100644
--- a/activemq-web/src/main/java/org/apache/activemq/web/view/XmlMessageRenderer.java
+++ b/activemq-web/src/main/java/org/apache/activemq/web/view/XmlMessageRenderer.java
@@ -42,6 +42,7 @@
     public XStream getXstream() {
         if (xstream == null) {
             xstream = new XStream();
+            XStream.setupDefaultSecurity(xstream);
         }
         return xstream;
     }
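Review bot: The allow-list installed by the added line in `getXstream()` covers only the instance this method creates lazily. If the class also accepts an `XStream` from outside (a setter or constructor argument, not visible in this hunk), that instance is returned without the restriction, so the setup would be better applied wherever the field is assigned. The new line also deserves a why-comment, for example `// Restrict unmarshalling to XStream's default allow-list so untrusted XML cannot instantiate arbitrary types (AMQ-8348)`. `XStream.setupDefaultSecurity` is a transitional helper that newer XStream releases mark deprecated, so this call should be revisited on a dependency upgrade; any message body types outside the default allow-list would need an explicit `allowTypes(...)` entry.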