I think the issue has been resolved by whitelisting the classes that will
be deserialized as part of the ActiveMQObjectMessage, and the remaining
issue (for which I'll submit an enhancement request) is that we should look
for wide-open wildcards (i.e. "*" by itself as an element in the list) and
wa
Let's go back to some basics (I hope I read the thread correctly and the
current issue is messages showing as dequeued on the broker, but not
processed by the application).
One thing to note with ActiveMQ is the prefetch buffer comes into play and
can hold on to a number of messages on one consume
OK, I'll create an enhancement request for it. Thanks for confirming.
Tim
On Feb 12, 2016 12:58 PM, "mhemple" wrote:
> Yes I do understand. I already switched to a white list.
>
> No. when I start the broker (with everything white listed) there are no
> warnings about the security vulnerabilit
Yes I do understand. I already switched to a white list.
No. when I start the broker (with everything white listed) there are no
warnings about the security vulnerability.
Thanks again
--
View this message in context:
http://activemq.2283324.n4.nabble.com/Messages-dequeued-but-not-consumed
Happy to help, and sorry I didn't think of that recent change as a likely
explanation.
You should understand that the command line option you quoted is a security
vulnerability that you've explicitly opened in your own broker, which can
allow a malicious user to execute code on your system. The r
Got it fixed. Had a connector definition wrong on slave broker.xml. Have
pushed latest to the examples.
--
View this message in context:
http://activemq.2283324.n4.nabble.com/Error-while-master-boots-up-tp4707407p4707462.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
ObjectMessage serialization security was the issue.
*
ObjectMessage objects depend on Java serialization of marshal/unmarshal
object payload. This process is generally considered unsafe as malicious
payload can exploit the host system. That's why starting with versions
5.12.2 and 5.13.0, ActiveMQ
Hi Clebert
I tried to bring up the cluster after accepting pull request. But for some
reason backup server does not come up. Live comes up fine. I have pushed
latest config again. Can you please glance and let me know if you see
anything wrong in config?
Backup server just hangs after these m
First, for a question about GC problems, you should probably tell us what
GC strategy you're using, and why you chose it.
Second, you made the claim that "to increase the memory to 2Gb ... only
delaying the issue from happening," which implies that you believe you're
running out of memory because
Yep, if getObject() throws an exception, that explains what you're seeing,
so now it's just a matter of figuring out what's causing the exception.
I'd check that there is only one copy of your class on the classpath, and
that it's the same class definition on both the producer and the consumer.
get
10 matches
Mail list logo
