[prev in list] [next in list] [prev in thread] [next in thread]
List: activemq-dev
Subject: Re: [VOTE] Release activemq-nms-openwire 2.1.0-rc1
From: jgenender () apache ! org
Date: 2023-02-27 15:13:59
Message-ID: 3626D8BE-55CE-4827-8F0F-7824345AE24C () apache ! org
[Download RAW message or body]
Yeah it actually should be on both. private@ is where the vote actually counts. dev@ is for keeping it public.
Jeff
> On Feb 27, 2023, at 8:10 AM, Bruce Snyder <bruce.snyder@gmail.com> wrote:
>
> Whoops, now I see it's on both. My mistake.
>
> Bruce
>
> On Mon, Feb 27, 2023 at 8:09 AM Bruce Snyder <bruce.snyder@gmail.com> wrote:
>
>> This vote should be moved to the dev@ list.
>>
>> Bruce
>>
>> On Sun, Feb 26, 2023 at 4:09 AM Havret <havret@apache.org> wrote:
>>
>>> Hi all,
>>>
>>> I have put together another release of activemq-nms-openwire. Please
>>> review
>>> it and vote accordingly.
>>>
>>> This release includes an important new feature that allows users to
>>> specify
>>> an allow/deny list of types for binary serialization. This can help
>>> prevent
>>> potential security vulnerabilities.
>>>
>>> The feature is implemented in the same way as in qpid-jms, using a
>>> deserialization policy that controls which types can be trusted for
>>> deserialization from an incoming NMS IObjectMessage containing serialized
>>> .NET Object content. By default, all types are trusted during
>>> deserialization. However, the default Deserialization Policy object
>>> provides URI options for specifying an allow list and a deny list of .NET
>>> classes or namespaces.
>>>
>>> The following options are available:
>>>
>>> - nms.deserializationPolicy.allowList: A comma-separated list of
>>> classes/namespaces that are allowed during deserialization, unless they
>>> are
>>> overridden by the deny list. Names in this list are not pattern values;
>>> the
>>> exact class or namespace name must be configured (e.g.
>>> "System.Collections.Queue" or "System.Collections"). Namespace matches
>>> include sub-namespaces. The default is to allow all.
>>> - nms.deserializationPolicy.denyList: A comma-separated list of
>>> classes/namespaces that are rejected during deserialization. Names in this
>>> list are not pattern values; the exact class or namespace name must be
>>> configured (e.g. "System.Collections.Queue" or "System.Collections").
>>> Namespace matches include sub-namespaces. The default is to reject none.
>>>
>>> This release contains the following change:
>>> *
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311201&version=12352935
>>> <
>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311201&version=12352935
>>>> *
>>>
>>> The files can be grabbed from:
>>>
>>> https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-openwire/2.1.0-rc1/
>>>
>>> Regards,
>>> Chris
>>>
>>> Here's mine +1 (binding)
>>>
>>
>>
>> --
>> perl -e 'print
>> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*" );'
>> http://bsnyder.org/ <http://bruceblog.org/>
>>
>
>
> --
> perl -e 'print
> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*" );'
> http://bsnyder.org/ <http://bruceblog.org/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic