[
https://issues.apache.org/jira/browse/CAMEL-23297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Cosentino resolved CAMEL-23297.
--------------------------------------
Resolution: Fixed
> Improve error handling and add input validation in camel-netty converters
> -------------------------------------------------------------------------
>
> Key: CAMEL-23297
> URL: https://issues.apache.org/jira/browse/CAMEL-23297
> Project: Camel
> Issue Type: Improvement
> Components: camel-netty
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.19.0
>
>
> The NettyConverter, ObjectDecoder, and DatagramPacketObjectDecoder classes in
> camel-netty lack input validation when converting network data to Java
> objects:
>
> 1. NettyConverter.toObjectInput() — creates an ObjectInputStream from a
> ByteBuf without any validation or filtering of the incoming data
> 2. ObjectDecoder — decodes objects from TCP connections without restricting
> accepted types
> 3. DatagramPacketObjectDecoder — same for UDP datagrams
>
> Other components like camel-leveldb and camel-consul already apply proper
> input validation using ObjectInputFilter to restrict which types are accepted
> during conversion. The camel-netty converters should follow the same pattern
> for consistency and robustness.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
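
The ObjectInputFilter pattern the issue refers to, as an added example that is not Camel's code or the actual fix: the same bytes are decoded once without a filter and once with an allowlist. The class name, the `decode` helper, the filter string and the use of a `byte[]` in place of a Netty ByteBuf are assumptions made for illustration (Java 9 or later).

```java
import java.io.*;
import java.util.ArrayList;
import java.util.HashMap;

public class FilteredDecodeExample {
    // Constructed allowlist for this example; not the filter Camel ships.
    // The limits also cap graph depth, array length and total bytes read.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "java.lang.*;java.util.ArrayList;maxdepth=10;maxarray=1000;maxbytes=65536;!*");

    // Stand-in for a converter: 'payload' plays the role of bytes read from a ByteBuf.
    static Object decode(byte[] payload, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            if (filter != null) {
                in.setObjectInputFilter(filter); // set before the first readObject()
            }
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample objects: one allowlisted type, one not.
        ArrayList<String> allowed = new ArrayList<>();
        allowed.add("hello");
        HashMap<String, String> notAllowed = new HashMap<>();
        notAllowed.put("k", "v");

        // Without a filter, any Serializable type on the classpath is instantiated.
        System.out.println("unfiltered: " + decode(serialize(notAllowed), null).getClass().getName());
        // With the filter, the allowlisted type passes.
        System.out.println("filtered:   " + decode(serialize(allowed), FILTER));
        // Any other type is rejected before an instance of it is created.
        try {
            decode(serialize(notAllowed), FILTER);
        } catch (InvalidClassException e) {
            System.out.println("rejected:   " + e.getMessage());
        }
    }
}
```

The trailing `!*` turns the pattern into a strict allowlist: a class that matches no earlier entry is rejected instead of being left undecided.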