Uploaded image for project: 'JBoss A-MQ'
  1. JBoss A-MQ
  2. ENTMQ-1183

Restrict classes that can be serialized in ObjectMessages

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: JBoss A-MQ 6.0, JBoss A-MQ 6.1, JBoss A-MQ 6.2
    • Fix Version/s: JBoss A-MQ 6.2.1
    • Component/s: None
    • Security Sensitive Issue:
      This issue is security relevant

      Description

      There's a new ActiveMQ CVE in progress. https://issues.apache.org/jira/browse/AMQ-6013 fixes the problem. We need to port the change to all our supported product branches before we can disclose the issue.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  dbosanac Dejan Bosanac
                  Reporter:
                  dbosanac Dejan Bosanac
                  Involved:
                  Jason Sherman, Susan Javurek
                  Tester:
                  Jakub Knetl
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: