This is an automated email from the ASF dual-hosted git repository.

nfilotto pushed a commit to branch essobedo/DPE-642/add-groovy-sub-projects
in repository https://gitbox.apache.org/repos/asf/camel-karaf.git

commit 27528627d6adbc521f1395097136164ccb2c6bbe
Author: Andreas Mattes <andreasmat...@fastmail.de>
AuthorDate: Fri Jan 17 15:06:42 2025 +0100

    DPE-570 camel-robotframework disabled as unsecure.
    
    robotframework 4.1.2 security vulnerabilities from embedded 
commons-compress 1.19:
    CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090, 
CVE-2024-25710
---
 features/src/main/feature/camel-features.xml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/features/src/main/feature/camel-features.xml 
b/features/src/main/feature/camel-features.xml
index a3ff7241a..d22b0fab4 100644
--- a/features/src/main/feature/camel-features.xml
+++ b/features/src/main/feature/camel-features.xml
@@ -2562,13 +2562,15 @@
         <bundle 
dependency='true'>mvn:commons-io/commons-io/${commons-io-version}</bundle>
         
<bundle>mvn:org.apache.camel.karaf/camel-rest-openapi/${upstream.version}</bundle>
     </feature>
-    <feature name='camel-robotframework' version='${upstream.version}' 
start-level='50'>
+    <!-- Disabled because of security vulnerabilities from embedded 
commons-compress 1.19 -->
+    <!-- CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090, 
CVE-2024-25710 -->
+    <!-- <feature name='camel-robotframework' version='${upstream.version}' 
start-level='50'>
         <feature version='${camel-osgi-version-range}'>camel-core</feature>
         <bundle 
dependency='true'>wrap:mvn:org.robotframework/robotframework/${robotframework-version}</bundle>
         <bundle 
dependency='true'>wrap:mvn:org.python/jython/${jython-version}</bundle>
         <bundle 
dependency='true'>wrap:mvn:org.python/jython-standalone/${jython-standalone.tesb.version}</bundle>
         
<bundle>mvn:org.apache.camel.karaf/camel-robotframework/${upstream.version}</bundle>
-    </feature>
+    </feature> -->
     <feature name='camel-rocketmq' version='${upstream.version}' 
start-level='50'>
         <feature version='${camel-osgi-version-range}'>camel-core</feature>
         <bundle 
dependency='true'>mvn:org.apache.commons/commons-lang3/${commons-lang3-version}</bundle>
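Review bot: The two comments added above the disabled `camel-robotframework` feature list the CVEs but give neither the tracking issue nor the condition for re-enabling, so the block is likely to stay commented out without anyone re-checking it. I would merge them into one comment that carries both, for example `<!-- DPE-570: disabled until robotframework no longer embeds commons-compress 1.19 (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090, CVE-2024-25710) -->`. Commenting out the feature only removes the Karaf install path. If the camel-robotframework bundle module is still built and published elsewhere in the repository (not visible in this hunk), the wrapped robotframework jar can still be deployed directly, so it is worth confirming the module and any tests that install this feature are excluded as well. Because the whole block now sits inside one XML comment, no `--` may appear in it, which is easy to break if someone later adds a nested comment while partially re-enabling it.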
