commit | c73998477879a7f1cccd371f0254ffd3829aa5ab | [log] [tgz] |
---|---|---|
author | Jean-Baptiste Onofré <jbonofre@apache.org> | Fri Jun 04 06:15:41 2021 +0200 |
committer | GitHub <noreply@github.com> | Fri Jun 04 06:15:41 2021 +0200 |
tree | 4d62b14e051122dd6b9fd25ee97178db04e3f3f4 | |
parent | ac27cc2cda1ac10d01bc87c1f875dcf278a9594f [diff] | |
parent | 7ca7118a9544fd6b2aac4dd72fd3a6edc3369aca [diff] |
Merge pull request #667 from coheigea/AMQ-8117 AMQ-8117 - Allow java.util arrays for deserialization
diff --git a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
index 47d4754..322e1e7 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
@@ -372,6 +372,7 @@
 if (!(desc.getName().startsWith("java.lang.")
 || desc.getName().startsWith("com.thoughtworks.xstream")
 || desc.getName().startsWith("java.util.")
+ || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
 || desc.getName().startsWith("org.apache.activemq."))) {
 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
 }
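Review bot: The added array branch drops the first two characters of `desc.getName()` without checking what they are, so any descriptor name that reads `java.util.` from its third character onward passes the allowlist, not only `[L`-prefixed array names. Matching the array form explicitly keeps the filter as narrow as the `// Allow arrays` comment intends: `|| desc.getName().startsWith("[Ljava.util.") // Allow one-dimensional arrays of java.util types`. Nested arrays (`[[L…`) are accepted by neither form, which is worth stating in the comment so the limit is deliberate. The same line is added in the MessageDatabase.java hunk, and the enclosing method starts and ends outside both hunks.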
diff --git a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
index a41c15a..448cb6a 100644
--- a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
+++ b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
@@ -4250,6 +4250,7 @@
 if (!(desc.getName().startsWith("java.lang.")
 || desc.getName().startsWith("com.thoughtworks.xstream")
 || desc.getName().startsWith("java.util.")
+ || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
 || desc.getName().startsWith("org.apache.activemq."))) {
 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
 }
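Review bot: This condition is a verbatim second copy of the deserialization allowlist in SubQueueSelectorCacheBroker.java, so every change to the policy has to be made in both files, and a missed copy leaves one deserialization path with a different filter. If the module dependencies allow it, a single shared static predicate taking the class name (for example `isAllowedClassName(String name)`, name illustrative) called from both checks would keep the two paths identical and give one place to unit-test accepted and rejected names. The enclosing method is not visible in the hunk, so where such a helper should live is for the author to confirm.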