This certainly seems related, although it predates the vulerability notice:
https://issues.apache.org/jira/browse/AMQ-6013 -- View this message in context: http://activemq.2283324.n4.nabble.com/Java-December-vulnerability-tp4704610p4704615.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
