You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Zixuan Liu (Jira)" <ji...@apache.org> on 2021/08/05 07:28:00 UTC

[jira] [Created] (AMQ-8348) XmlMessageRenderer has the risk of XStream deserialization

Zixuan Liu created AMQ-8348:
-------------------------------

             Summary: XmlMessageRenderer has the risk of XStream deserialization
                 Key: AMQ-8348
                 URL: https://issues.apache.org/jira/browse/AMQ-8348
             Project: ActiveMQ
          Issue Type: Improvement
            Reporter: Zixuan Liu


XmlMessageRenderer.getXstream() method:
{code:java}
public XStream getXstream() {
 if (xstream == null) {
   xstream = new XStream();
 }
 return xstream;
}{code}

There is a risk of XStream deserialization



--
This message was sent by Atlassian Jira
(v8.3.4#803005)