AMQ-6013 introduces the checks on the classes that are allowed to be serialized through ObjectMessages. The original implementation was designed to protect the broker, so system property configuration was the easiest solution.
This change affect the clients that uses ObjectMessages.getObject() method. We need to provide a better way of configuring this for clients. My initial idea is that we should provide a configuration on ActiveMQConnectionFactory and ActiveMQComponent classes.