This is an automated email from the ASF dual-hosted git repository. nfilotto pushed a commit to branch essobedo/DPE-642/add-groovy-sub-projects in repository https://gitbox.apache.org/repos/asf/camel-karaf.git
commit 27528627d6adbc521f1395097136164ccb2c6bbe Author: Andreas Mattes <andreasmat...@fastmail.de> AuthorDate: Fri Jan 17 15:06:42 2025 +0100 DPE-570 camel-robotframework disabled as unsecure. robotframework 4.1.2 security vulnerabilities from embedded commons-compress 1.19: CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090, CVE-2024-25710 --- features/src/main/feature/camel-features.xml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/features/src/main/feature/camel-features.xml b/features/src/main/feature/camel-features.xml index a3ff7241a..d22b0fab4 100644 --- a/features/src/main/feature/camel-features.xml +++ b/features/src/main/feature/camel-features.xml @@ -2562,13 +2562,15 @@ <bundle dependency='true'>mvn:commons-io/commons-io/${commons-io-version}</bundle> <bundle>mvn:org.apache.camel.karaf/camel-rest-openapi/${upstream.version}</bundle> </feature> - <feature name='camel-robotframework' version='${upstream.version}' start-level='50'> + <!-- Disabled because of security vulnerabilities from embedded commons-compress 1.19 --> + <!-- CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090, CVE-2024-25710 --> + <!-- <feature name='camel-robotframework' version='${upstream.version}' start-level='50'> <feature version='${camel-osgi-version-range}'>camel-core</feature> <bundle dependency='true'>wrap:mvn:org.robotframework/robotframework/${robotframework-version}</bundle> <bundle dependency='true'>wrap:mvn:org.python/jython/${jython-version}</bundle> <bundle dependency='true'>wrap:mvn:org.python/jython-standalone/${jython-standalone.tesb.version}</bundle> <bundle>mvn:org.apache.camel.karaf/camel-robotframework/${upstream.version}</bundle> - </feature> + </feature> --> <feature name='camel-rocketmq' version='${upstream.version}' start-level='50'> <feature version='${camel-osgi-version-range}'>camel-core</feature> <bundle dependency='true'>mvn:org.apache.commons/commons-lang3/${commons-lang3-version}</bundle>