does this resolve the following, looks like it does to me, same sort of issue about restricting access to the resource loader:
iDefense VCP Submission V-ay6t2oua0k
Apache ActiveMQ Directory Traversal Vulnerability
Remote exploitation of a directory traversal vulnerability in Apache Software Foundation's Apache ActiveMQ could allow an attacker to download files from a restricted directory, which can result in information disclosure.
Apache ActiveMQ is a messaging and enterprise integration patterns provider. The platform provides a Message Broker which handles communication between several different applications. Apache ActiveMQ supports many popular development languages including C/C++, Python, Java, and .NET. Apache ActiveMQ runs on a variety of platforms, including Windows, Linux and Solaris
For more information, see the vendor's site at the following link: http://activemq.apache.org
The vulnerability is due to a failure by the Message Broker to restrict directory traversals. As a result, sensitive locations outside the configured Message Broker restricted directory can be accessed by an attacker. No authentication is required to access the ActiveMQ Message Broker service.
Exploitation of this vulnerability could allow an attacker to gain control over the affected machine.
By specifying a URL location with multiple directory traversal sequences such as "/\../\../\", it is possible for an attacker to access sensitive files hosted on the Message Broker Server using the privileges associated with the Message Broker process. An attacker may be able to read important system files, which will result in information disclosure, and can potentially lead to full host compromise.
iDefense considers this vulnerability to be of MEDIUM severity because the vulnerability leads to information disclosure.