[AMQNET-835] Document deserialization policy - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

Unrestricted deserialization of untrusted data is dangerous and can lead to remote code execution attacks.

To be able to safely deserialize untrusted data, the Apache NMS ActiveMQ .Net client introduced deserialization policy options in version 2.1.0 (https://www.mail-archive.com/dev@activemq.apache.org/msg68832.html).

It would be good to call out in the documentation that if you want to accept untrusted data, you should use these options.

(I hope this is the correct Jira project to report this to, if not let me know and I'll re-file it to the correct one )

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Arnout Engelen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Aug/23 09:27

Updated:: 25/Aug/23 13:30