This is an automated email from the ASF dual-hosted git repository.
oscerd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 3cc1afdceb5e CAMEL-23762: camel-whatsapp - document webhookSecret
option in 4.21/4.18/4.14 upgrade guides (#24090)
3cc1afdceb5e is described below
commit 3cc1afdceb5ef1600d87ab54cde353d5df34d197
Author: Andrea Cosentino <[email protected]>
AuthorDate: Wed Jun 17 20:22:45 2026 +0200
CAMEL-23762: camel-whatsapp - document webhookSecret option in
4.21/4.18/4.14 upgrade guides (#24090)
CAMEL-23762: camel-whatsapp - document the new webhookSecret option in the
4.21/4.18/4.14 upgrade guides
The webhookSecret option (X-Hub-Signature-256 verification) is being
shipped on main (4.21.0) and backported to 4.18.x (#24084) and 4.14.x
(#24086). Per the backport upgrade-guide policy, the version-specific
guide entries live on main; add a note for the new opt-in option to the
4_21, 4_18 and 4_14 guides.
Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
---
.../modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc | 7 +++++++
.../modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc | 7 +++++++
.../modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc | 7 +++++++
3 files changed, 21 insertions(+)
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
index cf448d557c10..10e54cf55f7e 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
@@ -56,6 +56,13 @@ in the other HTTP server components. Routes using
`transferException=true` on th
components must now also set `muteException=false` for the serialized
exception to be
returned in the response.
+=== camel-whatsapp
+
+The `camel-whatsapp` webhook consumer now supports optional verification of
inbound webhook event
+callbacks via the new `webhookSecret` endpoint option. When set, event
callbacks whose
+`X-Hub-Signature-256` HMAC-SHA256 signature is missing or invalid are rejected
with HTTP 403; when
+the option is not set, behaviour is unchanged.
+
=== camel-core
The `org.apache.camel.support.DefaultHeaderFilterStrategy` changed default
setting for lowercase from `false` to `true`.
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
index 76d55ed8009a..b6e5faf17c99 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
@@ -67,6 +67,13 @@ Routes that attach a `KeycloakSecurityPolicy` without any
roles or permissions a
unverified or invalid token will now have such requests rejected with a
`CamelAuthorizationException`. Provide a
valid, verifiable token (or configure `requiredRoles` / `requiredPermissions`)
for these routes.
+=== camel-whatsapp
+
+The `camel-whatsapp` webhook consumer now supports optional verification of
inbound webhook event
+callbacks via the new `webhookSecret` endpoint option. When set, event
callbacks whose
+`X-Hub-Signature-256` HMAC-SHA256 signature is missing or invalid are rejected
with HTTP 403; when
+the option is not set, behaviour is unchanged.
+
=== camel-core
The `org.apache.camel.support.DefaultHeaderFilterStrategy` changed default
setting for lowercase from `false` to `true`.
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
index 161585ae63e7..8abf13f9a4be 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
@@ -1118,6 +1118,13 @@ Maven repository (`build.shibboleth.net`) that has
proven unreliable, causing in
build failures. If your project depends on OpenSAML for SAML-based
WS-Security, you will need to
add the `org.opensaml` dependencies explicitly.
+=== camel-whatsapp
+
+The `camel-whatsapp` webhook consumer now supports optional verification of
inbound webhook event
+callbacks via the new `webhookSecret` endpoint option. When set, event
callbacks whose
+`X-Hub-Signature-256` HMAC-SHA256 signature is missing or invalid are rejected
with HTTP 403; when
+the option is not set, behaviour is unchanged.
+
=== camel-lucene
The Exchange header values exposed by `LuceneConstants` have been renamed to
follow the standard
