[jira] [Updated] (CAMEL-23367) org.apache.camel.management.mbean.ManagedCamelContext generates illegal XML

Mon, 27 Apr 2026 01:58:27 -0700 


     [ 
https://issues.apache.org/jira/browse/CAMEL-23367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ivan Ravin updated CAMEL-23367:
-------------------------------
    Description: 
org.apache.camel.management.mbean.ManagedCamelContext in method 
dumpRoutesStatsAsXml uses StringBuilder to generate xml, without character 
escaping. But routeId, processorId can contain characters forbidden in XML 
attributes, like <, >, &, etc. So, method dumpRoutesStatsAsXml can generate 
unparseable xml.

I think this method, and maybe other dump... methods requires character 
escaping.

Found in camel-4.10.7, but main branch is the same: 
[https://github.com/apache/camel/blob/main/core/camel-management/src/main/java/org/apache/camel/management/mbean/ManagedCamelContext.java]

  was:
org.apache.camel.management.mbean.ManagedCamelContext in method 
dumpRoutesStatsAsXml uses StringBuilder to generate xml, without character 
escaping. But routeId, processorId can contain characters forbidden in XML 
attributes, like <, >, &, etc. So, method dumpRoutesStatsAsXml can generates 
unparseable xml.

I think this method, and maybe other dump... methods require character escaping.

Found in camel-4.10.7, but main branch is the same: 
https://github.com/apache/camel/blob/main/core/camel-management/src/main/java/org/apache/camel/management/mbean/ManagedCamelContext.java


> org.apache.camel.management.mbean.ManagedCamelContext generates illegal XML
> ---------------------------------------------------------------------------
>
>                 Key: CAMEL-23367
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23367
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-management
>    Affects Versions: 4.10.7
>            Reporter: Ivan Ravin
>            Priority: Minor
>
> org.apache.camel.management.mbean.ManagedCamelContext in method 
> dumpRoutesStatsAsXml uses StringBuilder to generate xml, without character 
> escaping. But routeId, processorId can contain characters forbidden in XML 
> attributes, like <, >, &, etc. So, method dumpRoutesStatsAsXml can generate 
> unparseable xml.
> I think this method, and maybe other dump... methods requires character 
> escaping.
> Found in camel-4.10.7, but main branch is the same: 
> [https://github.com/apache/camel/blob/main/core/camel-management/src/main/java/org/apache/camel/management/mbean/ManagedCamelContext.java]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to