ObjectMessage objects depend on Java serialization of marshal/unmarshal object payload. This process is generally considered unsafe as malicious payload can exploit the host system. That's why starting with versions 5.12.2 and 5.13.0, ActiveMQ enforces users to explicitly whitelist packages that can be exchanged using ObjectMessages.
If you need to exchange object messages, you need to add packages your applications are using. You can do that with by using org.apache.activemq.SERIALIZABLE_PACKAGES system property of the broker. You can add this system property to ACTIVEMQ_OPTS variable in ${ACTIVEMQ_HOME}/bin/env script.
来源:oschina
链接:https://my.oschina.net/u/2308739/blog/727878