[
https://issues.apache.org/jira/browse/CAMEL-23319?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Claus Ibsen updated CAMEL-23319:
--------------------------------
Fix Version/s: 4.14.6
> Improve error handling and add input validation in camel-mina converters
> ------------------------------------------------------------------------
>
> Key: CAMEL-23319
> URL: https://issues.apache.org/jira/browse/CAMEL-23319
> Project: Camel
> Issue Type: Improvement
> Components: camel-mina
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.14.6, 4.18.2, 4.20.0
>
>
> The MinaConverter class in camel-mina lacks input validation when converting
> network data to Java objects:
> * MinaConverter.toObjectInput() — creates an ObjectInputStream from an
> IoBuffer without any validation or filtering of the incoming data.
> Other Camel components (e.g. camel-netty, camel-leveldb, camel-consul)
> already apply proper input validation using ObjectInputFilter to restrict
> which types are accepted during conversion. The camel-mina converter should
> follow the same pattern for consistency and robustness.
> See CAMEL-23297 for the same change applied to camel-netty.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
