You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2021/06/04 04:16:52 UTC

[activemq] branch activemq-5.15.x updated: AMQ-8117 - Allow java.util arrays for deserialization

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch activemq-5.15.x
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/activemq-5.15.x by this push:
     new e5d0abb  AMQ-8117 - Allow java.util arrays for deserialization
e5d0abb is described below

commit e5d0abba025cd84c141b7bfdc9084dce912f2308
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jun 3 14:42:42 2021 +0100

    AMQ-8117 - Allow java.util arrays for deserialization
    
    (cherry picked from commit 7ca7118a9544fd6b2aac4dd72fd3a6edc3369aca)
---
 .../java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java     | 1 +
 .../src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
index e4464f9..5774e34 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/plugin/SubQueueSelectorCacheBroker.java
@@ -380,6 +380,7 @@ public class SubQueueSelectorCacheBroker extends BrokerFilter implements Runnabl
             if (!(desc.getName().startsWith("java.lang.")
                     || desc.getName().startsWith("com.thoughtworks.xstream")
                     || desc.getName().startsWith("java.util.")
+                    || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
                     || desc.getName().startsWith("org.apache.activemq."))) {
                 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
             }
diff --git a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
index 71a7b93..341370f 100644
--- a/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
+++ b/activemq-kahadb-store/src/main/java/org/apache/activemq/store/kahadb/MessageDatabase.java
@@ -4079,6 +4079,7 @@ public abstract class MessageDatabase extends ServiceSupport implements BrokerSe
             if (!(desc.getName().startsWith("java.lang.")
                     || desc.getName().startsWith("com.thoughtworks.xstream")
                     || desc.getName().startsWith("java.util.")
+                    || desc.getName().length() > 2 && desc.getName().substring(2).startsWith("java.util.") // Allow arrays
                     || desc.getName().startsWith("org.apache.activemq."))) {
                 throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
             }