From 099108239cc9fb81a8d1cbdc48467fe30ba6529c Mon Sep 17 00:00:00 2001
From: xingrufei
Date: Thu, 5 Aug 2021 15:50:28 +0800
Subject: [PATCH] [AMQ-8348] Fix XmlMessageRenderer has the risk of XStream deserialization
---
 .../java/org/apache/activemq/web/view/XmlMessageRenderer.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/activemq-web/src/main/java/org/apache/activemq/web/view/XmlMessageRenderer.java b/activemq-web/src/main/java/org/apache/activemq/web/view/XmlMessageRenderer.java
index 10caf9b072..bfa0a06fcd 100644
--- a/activemq-web/src/main/java/org/apache/activemq/web/view/XmlMessageRenderer.java
+++ b/activemq-web/src/main/java/org/apache/activemq/web/view/XmlMessageRenderer.java
@@ -42,6 +42,7 @@ public class XmlMessageRenderer extends SimpleMessageRenderer {
 public XStream getXstream() {
 if (xstream == null) {
 xstream = new XStream();
+ XStream.setupDefaultSecurity(xstream);
 }
 return xstream;
 }
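Review bot: The allow-list installed by `XStream.setupDefaultSecurity(xstream)` only covers the instance that `getXstream()` creates itself when the field is null. An `XStream` assigned to the field by any other path (a setter or bean property, if the class has one outside this hunk) would keep whatever permissions it was given. I would state that on the getter, e.g. `// Default instance is limited to XStream's built-in allow-list; an injected XStream must have its own security configured.`, or apply the same setup wherever the field is assigned. The change also comes without a test; one asserting that the default instance refuses a type outside the allow-list (XStream's `ForbiddenClassException`) would keep the hardening from regressing. The rest of `XmlMessageRenderer` is outside the hunk, so whether this instance is ever used for `fromXML` cannot be confirmed from here.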