AMQ-8117 - Allow java.util arrays for deserialization

activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java

@@ -372,6 +372,7 @@ public class SubQueueSelectorCacheBroker extends BrokerFilter implements Runnabl
             if (!(desc.getName().startsWith("java.lang.")
                     || desc.getName().startsWith("com.thoughtworks.xstream")
                     || desc.getName().startsWith("java.util.")
+                    || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
                     || desc.getName().startsWith("org.apache.activemq."))) {
                 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
             }

activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java

@@ -4250,6 +4250,7 @@ public abstract class MessageDatabase extends ServiceSupport implements BrokerSe
             if (!(desc.getName().startsWith("java.lang.")
                     || desc.getName().startsWith("com.thoughtworks.xstream")
                     || desc.getName().startsWith("java.util.")
+                    || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
                     || desc.getName().startsWith("org.apache.activemq."))) {
                 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
             }