Posted to commits@brooklyn.apache.org by tb...@apache.org on 2020/03/11 09:33:56 UTC
[brooklyn-server] branch master updated: update comment to note potential vulnerabilities for JmxmpAgent
This is an automated email from the ASF dual-hosted git repository.
tbouron pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
The following commit(s) were added to refs/heads/master by this push:
new 7266ec2 update comment to note potential vulnerabilities for JmxmpAgent
new c59b75a Merge pull request #1088 from geomacy/jmxmp-update-comment
7266ec2 is described below
commit 7266ec2e5ccd9fee163fd5aa8217814b3841b876
Author: Geoff Macartney <ge...@gmail.com>
AuthorDate: Mon Mar 9 23:32:45 2020 +0000
update comment to note potential vulnerabilities for JmxmpAgent
---
.../src/main/java/org/apache/brooklyn/util/jmx/jmxmp/JmxmpAgent.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/utils/jmx/jmxmp-ssl-agent/src/main/java/org/apache/brooklyn/util/jmx/jmxmp/JmxmpAgent.java b/utils/jmx/jmxmp-ssl-agent/src/main/java/org/apache/brooklyn/util/jmx/jmxmp/JmxmpAgent.java
index 488e7f5..1dccbc4 100644
--- a/utils/jmx/jmxmp-ssl-agent/src/main/java/org/apache/brooklyn/util/jmx/jmxmp/JmxmpAgent.java
+++ b/utils/jmx/jmxmp-ssl-agent/src/main/java/org/apache/brooklyn/util/jmx/jmxmp/JmxmpAgent.java
@@ -47,8 +47,11 @@ import org.apache.brooklyn.util.jmx.jmxmp.JmxmpAgent;
/**
- * This exposes JMX access over JMXMP, suitable for high-security environments,
+ * This exposes JMX access over JMXMP. This is intended to be suitable for high-security environments,
* with support for going through firewalls as well as encrypting and authenticating securely.
+ * Note, however, that implementations of JMX/RMI are potentially vulnerable to java
+ * deserialization attacks. Users should attend to the security of these components in line with their best
+ * practices, and verify that JMXMP is suitable for their requirements before using this class.
* <p>
* Listens on 11099 unless overridden by system property brooklyn.jmxmp.port.
* <p>
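Review bot: The added "Note, however, that implementations of JMX/RMI are potentially vulnerable" sentence names JMX/RMI, while the first line of this Javadoc says the class exposes JMX over JMXMP, so a reader cannot tell whether the deserialization warning applies to this agent's own transport or only to the RMI connector. Since the closing clause asks users to "verify that JMXMP is suitable", the sentence should say explicitly that JMXMP is in scope, for example "implementations of JMX remoting, including JMXMP and RMI". "java deserialization" should read "Java deserialization". "In line with their best practices" gives the reader nothing to act on; it would help to tie the caveat to the authentication and encryption support mentioned two lines above and to state whether those are expected to be enabled on the listener on port 11099 described below. Finally, "This is intended to be suitable for high-security environments" now sits next to a vulnerability caveat, so consider stating the conditions under which that claim holds rather than keeping both statements side by side.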