This is an automated email from the ASF dual-hosted git repository.
squakez pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git
The following commit(s) were added to refs/heads/main by this push:
new 3fb22bb6 chore(release): camel k 2.10.1, 2.9.2, 2.8.1
3fb22bb6 is described below
commit 3fb22bb6df240b8de0d9fd7d0b90a8b2f6574c74
Author: Pasquale Congiusti <[email protected]>
AuthorDate: Mon May 18 15:53:02 2026 +0200
chore(release): camel k 2.10.1, 2.9.2, 2.8.1
---
content/releases/k/release-2.10.1.md | 12 +++++++++++
content/releases/k/release-2.8.1.md | 12 +++++++++++
content/releases/k/release-2.9.2.md | 12 +++++++++++
content/security/CVE-2026-45760.md | 17 ++++++++++++++++
content/security/CVE-2026-45760.txt.asc | 36 +++++++++++++++++++++++++++++++++
5 files changed, 89 insertions(+)
diff --git a/content/releases/k/release-2.10.1.md
b/content/releases/k/release-2.10.1.md
new file mode 100644
index 00000000..506c773c
--- /dev/null
+++ b/content/releases/k/release-2.10.1.md
@@ -0,0 +1,12 @@
+---
+url: "/releases/k-2.10.1/"
+date: 2026-05-18
+type: release-note
+version: "2.10.1"
+title: "Camel-K 2.10.1"
+preview: ""
+changelog: ""
+category: "camel-k"
+milestone: 63
+jdk: [17,21]
+---
diff --git a/content/releases/k/release-2.8.1.md
b/content/releases/k/release-2.8.1.md
new file mode 100644
index 00000000..39f22f2c
--- /dev/null
+++ b/content/releases/k/release-2.8.1.md
@@ -0,0 +1,12 @@
+---
+url: "/releases/k-2.8.1/"
+date: 2026-05-18
+type: release-note
+version: "2.8.1"
+title: "Camel-K 2.8.1"
+preview: ""
+changelog: ""
+category: "camel-k"
+milestone: 65
+jdk: [17,21]
+---
diff --git a/content/releases/k/release-2.9.2.md
b/content/releases/k/release-2.9.2.md
new file mode 100644
index 00000000..09fd7c40
--- /dev/null
+++ b/content/releases/k/release-2.9.2.md
@@ -0,0 +1,12 @@
+---
+url: "/releases/k-2.9.2/"
+date: 2026-05-18
+type: release-note
+version: "2.9.2"
+title: "Camel-K 2.9.2"
+preview: ""
+changelog: ""
+category: "camel-k"
+milestone: 64
+jdk: [17,21]
+---
diff --git a/content/security/CVE-2026-45760.md
b/content/security/CVE-2026-45760.md
new file mode 100644
index 00000000..57d8113c
--- /dev/null
+++ b/content/security/CVE-2026-45760.md
@@ -0,0 +1,17 @@
+---
+title: "Apache Camel Security Advisory - CVE-2026-45760"
+date: 2026-05-18T09:00:00+02:00
+url: /security/CVE-2026-45760.html
+draft: false
+type: security-advisory
+cve: CVE-2026-45760
+severity: HIGH
+summary: "Camel K Cross-Namespace Build Deputy Attack"
+description: "(Externally Controlled Reference to a Resource in Another
Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in
Apache Camel K. Authorized users in a Kubernetes namespace can create a Build
resource, controlling the Pod generation in a namespace of their choice,
including the operator namespace."
+mitigation: "Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or
2.9.2), which fixes the issue."
+credit: "This issue was discovered by @j311yl0v3u ([email protected]) and
@b0b0haha ([email protected])"
+affected: "This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from
2.9.0 before 2.9.2, from 2.10.0 before 2.10.1."
+fixed: 2.8.1, 2.9.2 and 2.10.1
+---
+
+The pull requests https://github.com/apache/camel-k/pull/6626 (2.10.x),
https://github.com/apache/camel-k/pull/6627 (2.9.x) and
https://github.com/apache/camel-k/pull/6629 (2.8.x) refer to the commits that
resolved the issue, and have more details.
diff --git a/content/security/CVE-2026-45760.txt.asc
b/content/security/CVE-2026-45760.txt.asc
new file mode 100644
index 00000000..d8732c83
--- /dev/null
+++ b/content/security/CVE-2026-45760.txt.asc
@@ -0,0 +1,36 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+- ---
+title: "Apache Camel Security Advisory - CVE-2026-45760"
+date: 2026-05-18T09:00:00+02:00
+url: /security/CVE-2026-45760.html
+draft: false
+type: security-advisory
+cve: CVE-2026-45760
+severity: HIGH
+summary: "Camel K Cross-Namespace Build Deputy Attack"
+description: "(Externally Controlled Reference to a Resource in Another
Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in
Apache Camel K. Authorized users in a Kubernetes namespace can create a Build
resource, controlling the Pod generation in a namespace of their choice,
including the operator namespace."
+mitigation: "Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or
2.9.2), which fixes the issue."
+credit: "This issue was discovered by @j311yl0v3u ([email protected]) and
@b0b0haha ([email protected])"
+affected: "This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from
2.9.0 before 2.9.2, from 2.10.0 before 2.10.1."
+fixed: 2.8.1, 2.9.2 and 2.10.1
+- ---
+
+The pull requests https://github.com/apache/camel-k/pull/6626 (2.10.x),
https://github.com/apache/camel-k/pull/6627 (2.9.x) and
https://github.com/apache/camel-k/pull/6629 (2.8.x) refer to the commits that
resolved the issue, and have more details.
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEDV4jKJJJXejlQHXMrtxqiqrKh1YFAmoLFW4ACgkQrtxqiqrK
+h1bPQBAAtuADgjqNsw6jTNvVA0mbFKa5F1e62FpXWaanG1U6Ems+cWqLXPQuIZQm
+SXEavU9wpO9CFD9bDs9b/nEnkH3gVFtn71z6hOgts7w7gU8beaVas7wVszUNtAnU
+wqfqyULlwME/V5HytoTBbbn5BCJFOxEKz8a6ZQFFbPf+srLyzaP3iRugC7peUA3W
+qTtjaYtgBzpVv24G197UcnAkh2kch1cIj7w02r4eX+pKVoyUVU/Lmf1ZQoWJ99tI
+Pjl6qKqr1yT7G7sl46hHVjZDH8c62rOgaHpOcvRmV07hE+b8kGmrz7j/OakqT40k
+KJULsoNTn4se+yOiJvax1ukdyQwg1GAvJF/TFHjxKwe9mWUvmClWRUtq+TLPG7at
+LJw+zuQTuZPAv2oErwL0VBfV9VHlAxzobLdaz0IInuBf28HJEkSGleelO6TpS6hS
+02ZqPeQAjTpo72LYyeOVVoWmoGo2woeCXx+F+CNMZEOPNx83a71aD5se9sK9Hwlh
+XAyK/c7u/xp4j2CQKlv6xJJBE1Yb3NRq//xiVWSiCFYdlwi7BNQumotMxwdVO833
+njGyUzUYh9i1Ke81Z6041k71aOOKqmkKSuCW9RFe48IOoGNJK3ni48FurFlVGiho
+OiMHmt+hBj1QJYP9a0QqpPt9IgrjZ2UkcHz7lqAqB+b72qUujKQ=
+=VNY5
+-----END PGP SIGNATURE-----
