oscerd opened a new pull request, #23282:
URL: https://github.com/apache/camel/pull/23282
## What
Adds a **`Core router-engine invariants`** subsection to the project
security model (`docs/user-manual/modules/ROOT/pages/security-model.adoc`),
between the existing *Security properties and violation severity* impact
table and *In-scope vulnerability classes*.
## Why
The existing properties table is a **cross-component impact view** — every
row is framed at the point a *component* ingests untrusted input. It does
not separately state the invariants **`camel-core` (the router engine)**
upholds on its own. An automated security-triage pass against the model
flagged this as a soft gap in the "security properties provided" section:
findings located in a `core/camel-*` module (the largest, most-scanned
surface) could not be routed to a property and a disposition without
re-deriving the trust model, leading to systematic over-reporting on core.
This subsection adds the companion **engine view** — what the routing
engine, the `Exchange`/`Message` model, the EIP processors, the
expression / language / property-placeholder resolution, and the
type-converter and data-format registries guarantee independently of any
one component — with the same `property → violation symptom → indicative
severity` shape as the existing table.
## Scope
- **Strict superset. No behavioural or scope change.** Every invariant is
the engine-layer projection of an in-scope vulnerability class, or of the
trust boundary, **already ratified in this document** (expression/template
injection; Camel-header / bean-dispatch abuse; unsafe deserialisation,
incl. CVE-2015-0263; the CVE-2025-27636 header-promotion family; and the
management-surface and DoS out-of-scope items, to which it explicitly
defers).
- **Documentation only**; +61 lines, single file. Builds on the
security-model work merged in #23253.
- No new `xref:`/includes/attributes; the table is cloned structurally from
the existing one, so the camel-website strict Antora build is unaffected.
## Review note
This is a security-policy document — for **PMC review**. Per the project AI
rules of engagement this PR will **not** be merged or approved by an agent;
human approval is required.
_Claude Code (Opus 4.7) on behalf of Andrea Cosentino_
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
