I think the issue has been resolved by whitelisting the classes that will be deserialized as part of the ActiveMQObjectMessage, and the remaining issue (for which I'll submit an enhancement request) is that we should look for wide-open wildcards (i.e. "*" by itself as an element in the list) and warn that the user is opening a security vulnerability. I don't believe the OP needs or plans any further investigation
We should probably also update http://activemq.apache.org/objectmessage.html to more strongly discourage using a wide-open wildcard; it's a bad thing, but the language on the page makes it sound like something we recommend. Tim On Feb 12, 2016 2:49 PM, "artnaseef" <a...@artnaseef.com> wrote: > Let's go back to some basics (I hope I read the thread correctly and the > current issue is messages showing as dequeued on the broker, but not > processed by the application). > > One thing to note with ActiveMQ is the prefetch buffer comes into play and > can hold on to a number of messages on one consumer, causing another > consumer to "starve". > > How many consumers are active on the queue? > > Looking at the consumer stats (either on the webconsole or via > jconsole/visualvm/...), what is the enqueue and dequeue count for each > consumer? What is the enqueue and dequeue count for the queue? > > If you find it, what is the inflight count for the queue? > > > > -- > View this message in context: > http://activemq.2283324.n4.nabble.com/Messages-dequeued-but-not-consumed-tp4707380p4707475.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com. >
