Hi, The version does still contain the XXE vulnerability for XPath and the XmlConverter (CAMEL-8311 and CAMEL-8312). I think this is about as serious as the issues from CVE-2014-0002 and CVE-2014-0003, so these two patches should really be in there.
-1 (non binding) Best regards Stephan -----Original Message----- From: Willem Jiang [mailto:willem.ji...@gmail.com] Sent: Samstag, 28. Februar 2015 14:29 To: dev@camel.apache.org Subject: [VOTE] Release Camel 2.14.1 This is a vote to release Apache Camel 2.14.2, a patch release coming with about 94 issues fixed. Release notes: 2.14.2 https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12329070&styleName=Html&projectId=12311211 Staging repo: 2.14.2 https://repository.apache.org/content/repositories/orgapachecamel-1024 Tarballs: 2.14.2 https://repository.apache.org/content/repositories/orgapachecamel-1024/org/apache/camel/apache-camel/2.14.2/ Tag: 2.14.2 https://git-wip-us.apache.org/repos/asf?p=camel.git;a=tag;h=c8ab49cbaa9c5c8ae776176f7703f5d757fd10cd Please test this release candidate and cast your vote. [ ] +1 Release the binary as Apache Camel 2.14.2 [ ] -1 Veto the release (provide specific comments) Vote is open for at least 72 hours. -- Willem Jiang Red Hat, Inc. Web: http://www.redhat.com Blog: http://willemjiang.blogspot.com (English) http://jnn.iteye.com (Chinese) Twitter: willemjiang Weibo: 姜宁willem
