You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/06/03 13:44:00 UTC

[jira] [Work logged] (AMQ-8117) VirtualSelectorCacheBrokerPlugin throws false positive exception

     [ https://issues.apache.org/jira/browse/AMQ-8117?focusedWorklogId=605924&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-605924 ]

ASF GitHub Bot logged work on AMQ-8117:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 03/Jun/21 13:43
            Start Date: 03/Jun/21 13:43
    Worklog Time Spent: 10m 
      Work Description: coheigea opened a new pull request #667:
URL: https://github.com/apache/activemq/pull/667


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 605924)
    Remaining Estimate: 0h
            Time Spent: 10m

> VirtualSelectorCacheBrokerPlugin throws false positive exception
> ----------------------------------------------------------------
>
>                 Key: AMQ-8117
>                 URL: https://issues.apache.org/jira/browse/AMQ-8117
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.16.0, 5.15.12, 5.15.13, 5.15.14
>            Reporter: Joost
>            Assignee: Jean-Baptiste Onofré
>            Priority: Blocker
>             Fix For: 5.15.16, 5.16.3
>
>         Attachments: activemq.xml, file.data, image-2021-01-07-09-36-50-044.png
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Dear,
> The VirtualSelectorCacheBrokerPlugin throws an error in the following method:
> {code:java}
> if (!(desc.getName().equals("java.lang.String") || desc.getName().startsWith("java.util."))) {
>  throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
>  }
> {code}
> This exception is thrown because there are some lines in the selector cache file that do not match the given "startsWith("java.util.")". The code will throw an exception because of the "[L" prefix in front of some java.util. elements in the file:
> !image-2021-01-07-09-36-50-044.png!
> My activemq.xml and file.data are attached to this ticket.
> The selector cache is working fine if I use ActiveMQ version 5.15.11 or below.
> I have tried to add jdk.serialFilters for the Concurrent Hashmap, like:
> wrapper.java.additional.13=-Djdk.serialFilter=java.util.** (wrapper.conf) and also tried to add this to the java security file, but that did not work.
> I hope this issue can be fixed or if it is not a bug, the documentation can be complemented with some notes on how to configure this filters the right way.
> Best regards,
> Joost



--
This message was sent by Atlassian Jira
(v8.3.4#803005)