mirror of https://github.com/apache/activemq.git
AMQ-8117 - Allow java.util arrays for deserialization
parent
ac27cc2cda
commit
7ca7118a95
|
@ -372,6 +372,7 @@ public class SubQueueSelectorCacheBroker extends BrokerFilter implements Runnabl
|
|||
if (!(desc.getName().startsWith("java.lang.")
|
||||
|| desc.getName().startsWith("com.thoughtworks.xstream")
|
||||
|| desc.getName().startsWith("java.util.")
|
||||
|| desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
|
||||
|| desc.getName().startsWith("org.apache.activemq."))) {
|
||||
throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
|
||||
}
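Review bot: The array branch `desc.getName().substring(2).startsWith("java.util.")` never checks that the two skipped characters are the array descriptor `[L`, so a class name with any two-character prefix before `java.util.` also passes this deserialization allowlist; the identical line in the MessageDatabase hunk (@ -4250) has the same gap. Matching the descriptor explicitly, `|| desc.getName().startsWith("[Ljava.util.")`, keeps the filter as tight as the `// Allow arrays` comment intends and removes the reliance on `&&` binding tighter than `||`. Multi-dimensional arrays (`[[Ljava.util.…`) are rejected either way, which may or may not be intended and is worth a comment. The enclosing method starts and ends outside the hunk; since both classes carry the same prefix list, a shared helper would keep the two allowlists from drifting apart.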
|
||||
|
|
|
@ -4250,6 +4250,7 @@ public abstract class MessageDatabase extends ServiceSupport implements BrokerSe
|
|||
if (!(desc.getName().startsWith("java.lang.")
|
||||
|| desc.getName().startsWith("com.thoughtworks.xstream")
|
||||
|| desc.getName().startsWith("java.util.")
|
||||
|| desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
|
||||
|| desc.getName().startsWith("org.apache.activemq."))) {
|
||||
throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
|
||||
}
|
||||
|
|