Messages by Thread
-
[RESULT][VOTE] Release Apache Camel Quarkus 3.33.2
Jiří Ondrušek
-
[RESULT][VOTE] Release Apache Camel Quarkus 3.27.5
Jiří Ondrušek
-
[VOTE] Release Apache Camel Quarkus 3.33.2
Jiří Ondrušek
-
[VOTE] Release Apache Camel Quarkus 3.27.5
Jiří Ondrušek
-
CVE-2026-49042: Apache Camel: langchain4j-tools: filter tool argument headers against declared parameters
Federico Mariani
-
CVE-2026-46588: Apache Camel: CouchDB: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input
Federico Mariani
-
CVE-2026-46587: Apache Camel: Couchbase: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input
Federico Mariani
-
CVE-2026-43867: Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter
Andrea Cosentino
-
CVE-2026-43866: Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Andrea Cosentino
-
CVE-2026-42527: Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure
Andrea Cosentino
-
CVE-2026-46453: Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation
Andrea Cosentino
-
CVE-2026-43865: Apache Camel: Camel-Hazelcast: Unsafe Java deserialization in default-configured managed Hazelcast instances enables remote code execution
Andrea Cosentino
-
CVE-2026-46454: Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers
Andrea Cosentino
-
CVE-2026-46455: Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted
Andrea Cosentino
-
CVE-2026-46456: Apache Camel: Camel-AWS2-SQS: Inbound message attributes are mapped into the Exchange without an inbound HeaderFilterStrategy, allowing a message sender to inject Camel control headers
Andrea Cosentino
-
CVE-2026-46457: Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers
Andrea Cosentino
-
CVE-2026-46584: Apache Camel: Camel-Mail: The mail producer applied attacker-supplied mail.smtp.* / mail.smtps.* message headers as JavaMail session properties, allowing an attacker to weaken the SMTP transport security and, on releases before 4.19.0, redirect the connection and steal
Andrea Cosentino
-
CVE-2026-46585: Apache Camel: Camel-Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search query
Andrea Cosentino
-
CVE-2026-46590: Apache Camel: Camel-PQC: The HashiCorp Vault and AWS Secrets Manager key-lifecycle managers deserialize persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter (incomplete remediation of CVE-2026-40048)
Andrea Cosentino
-
CVE-2026-46591: Apache Camel: Camel-Neo4j: JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause without validation, allowing Cypher injection (incomplete remediation of CVE-2025-66169)
Andrea Cosentino
-
CVE-2026-46592: Apache Camel: Camel-CXF: The SOAP operation-selection headers used non-Camel-prefixed names (operationName, operationNamespace) that bypass the HTTP header filter, allowing an HTTP client to redirect the invoked SOAP operation
Andrea Cosentino
-
CVE-2026-46726: Apache Camel: Camel-Vertx-Websocket: The inbound consumer maps externally-supplied WebSocket query and path parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling server-side request forgery and disclosure of
Andrea Cosentino
-
CVE-2026-48204: Apache Camel: Camel-MongoDB-GridFS: The gridfs.* control headers used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to switch the GridFS operation - including destructive file deletion - in the default configuration
Andrea Cosentino
-
CVE-2026-48203: Apache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fields
Andrea Cosentino
-
CVE-2026-48205: Apache Camel: Camel-DNS: The dns.* and term Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to redirect DNS queries to an attacker-controlled server (server-side request forgery) and enumerate internal
Andrea Cosentino
-
CVE-2026-48206: Apache Camel: Camel-JIRA: A set of non-Camel-prefixed Exchange header constants (IssueKey, ProjectKey, IssueTransitionId, ...) bypass the HTTP header filter, allowing an HTTP client to drive arbitrary JIRA issue operations using the endpoint's configured credentials
Andrea Cosentino
-
CVE-2026-49086: Apache Camel: Camel-Dapr: The Dapr Pub/Sub consumer copied the inbound CloudEvent's pub/sub-name and topic into producer-direction routing headers, allowing an actor who can publish to the subscribed topic to redirect the re-published message to an arbitrary Dapr Pub/Su
Andrea Cosentino
-
CVE-2026-49098: Apache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topic
Andrea Cosentino
-
CVE-2026-49097: Apache Camel: Camel-IRC: The irc.sendTo (and other irc.*) Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to redirect outgoing IRC messages to arbitrary channels or users
Andrea Cosentino
-
CVE-2026-49099: Apache Camel: Camel-Salesforce: Non-Camel-prefixed Exchange header constants (sObjectQuery, sObjectSearch, apexUrl, ...) bypass the HTTP header filter, allowing an HTTP client to inject SOQL/SOSL queries, override the target SObject, and redirect Apex REST calls using t
Andrea Cosentino
-
CVE-2026-49365: Apache Camel: Camel-Netty-HTTP: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients
Andrea Cosentino
-
CVE-2026-53913: Apache Camel: Camel-Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration (no required roles or permissions) the token is never verified and any non-null bearer value is accepted - a
Andrea Cosentino
-
CVE-2026-55993: Apache Camel: Camel-Atmosphere-Websocket: The inbound consumer maps externally-supplied WebSocket query parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling server-side request forgery and disclosure of secr
Andrea Cosentino
-
CVE-2026-55994: Apache Camel: Camel-Iggy: The inbound consumer maps externally-supplied Iggy message user-headers into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling server-side request forgery and disclosure of secrets when bridged
Andrea Cosentino
-
CVE-2026-56139: Apache Camel: Camel-Undertow: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients - and the option was not honoured
Andrea Cosentino
-
CVE-2026-56140: Apache Camel: Camel-AWS2-SNS: An inbound Camel-namespace filter was added to Sns2HeaderFilterStrategy to align it with sibling components; because camel-aws2-sns is producer-only (no consumer) there is no reachable inbound header-injection path, so this is a defense-in-
Andrea Cosentino
-
[ANNOUNCE] Apache Camel 4.14.8 (LTS) Released
Gregor Zurowski
-
[VOTE] Release Apache Camel Kamelets 4.21.0
Andrea Cosentino
-
[ANNOUNCE] Apache Camel 4.18.3 (LTS) Released
Gregor Zurowski
-
[HEADS UP] - Main is now 4.22.0-SNAPSHOT
Claus Ibsen
-
Kamelets for 4.21 release
Claus Ibsen
-
[ANNOUNCE] Apache Camel 4.21.0 Released
Gregor Zurowski
-
Camel 4.21 whats new blog
Claus Ibsen
-
[REPORT] Monthly Camel static code analysis - 2026/06
Pasquale Congiusti
-
GitHub CI Usage - June 2026
Aurelien Pupier via dev
-
Camel 4.22 LTS in August
Claus Ibsen
-
[VOTE] Release Apache Camel 4.14.8 (LTS)
Gregor Zurowski
-
[VOTE] Release Apache Camel 4.18.3 (LTS)
Gregor Zurowski
-
[VOTE] Release Apache Camel 4.21.0 (LTS)
Gregor Zurowski
-
[HEADS UP] - Working on documentation
Claus Ibsen
-
Local copies of opensaml in git
Claus Ibsen
-
Camel patch releases in June
Claus Ibsen
-
Community over Code Glasgow 2026 Hackathon - Next Steps
Bowen, Rich
-
GitHub CI usage - May 2026
Aurelien Pupier via dev
-
Shaping the Future of Camel: How are you building on top of Camel in the Age of AI?
Otavio Rodolfo Piske
-
[REPORT] Monthly Camel static code analysis - 2026/05
Pasquale Congiusti
-
[RESULT] [VOTE] Release Apache Camel Quarkus 3.36.0
Zineb Bendhiba
-
[VOTE] Release Apache Camel Quarkus 3.36.0
Zineb Bendhiba
-
[VOTE] Release Apache Camel Karaf 4.14.7
Jean-Baptiste Onofré
-
Dependencies which are not updated to the latest version
Aurelien Pupier via dev
-
[VOTE] Release Apache Camel Karaf 4.18.2
Jean-Baptiste Onofré
-
CVE-2026-47323: Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering
Andrea Cosentino
-
[VOTE] Release Apache Camel K 2.10.1, 2.9.2 and 2.8.1
Pasquale Congiusti
-
Deprecate old camel k runtime repository
Pasquale Congiusti
-
[VOTE] Release Apache Camel Kamelets 4.18.2
Andrea Cosentino
-
[RESULT][VOTE] Release Apache Camel Quarkus 3.27.4
James Netherton
-
[RESULT][VOTE] Release Apache Camel Quarkus 3.33.1
James Netherton
-
[VOTE] Release Apache Camel Quarkus 3.27.4
James Netherton
-
Hackathon at Community Over Code Glasgow 2026 — interest from Camel?
Jarek Potiuk
-
[VOTE] Release Apache Camel Quarkus 3.33.1
James Netherton
-
[FEEDBACK] - JSpecify in camel-api
Claus Ibsen
-
[RESULT][VOTE] Release Apache Camel Kamelets 4.20.0
Andrea Cosentino
-
[VOTE] Release Apache Camel Upgrade Recipes 4.20.0 (Second Attempt)
Jiří Ondrušek
-
[CANCELLED][VOTE] Release Apache Camel Upgrade Recipes 4.20.0
Jiří Ondrušek
-
[REPORT] Monthly Camel static code analysis - 2026/04
Pasquale Congiusti
-
[VOTE] Release Apache Camel Upgrade Recipes 4.20.0
Jiří Ondrušek
-
[VOTE] Release Apache Camel Kamelets 4.20.0
Andrea Cosentino
-
Kamelets releases for latest patch releases
Claus Ibsen
-
[RESULT][VOTE] Release Apache Camel Quarkus 3.35.0
James Netherton
-
[ANNOUNCE] Apache Camel 4.20.0 Released
Gregor Zurowski
-
[RESULT] [VOTE] Release Apache Camel 4.20.0
Gregor Zurowski
-
[ANNOUNCE] Apache Camel 4.14.7 (LTS) Released
Gregor Zurowski