Re: Jackson vulnerabilities CVE-2017-17485 & CVE-2018-7489

[Willem Jiang]

Hi Grzegorz,

Is there any updated for this issue?
We may need a JIRA to track this kind of issue.


Willem Jiang

Blog: http://willemjiang.blogspot.com (English)
  http://jnn.iteye.com  (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem

On Tue, Apr 17, 2018 at 3:04 PM, Grzegorz Grzybek 
wrote:

> Hello
>
>
> > It may look like Jackson has not provided CVE fixes for these reports
> > on their 2.8.x versions. That version is what is in use for Camel
> > 2.20.x and 2.21.x and therefore its more tricky to do something about
> > it. Camel users can try to switch to use Jackson 2.9.5 with their
> > Camel 2.20.x or 2.21.x as its just a matter of selecting the JARs in
> > their classpath/application.
> >
>
> (Always) remember about swagger dependencies... Swagger quite loosely
> treats semantic versioning.
> Between 1.5.17 and 1.5.18 there was jackson upgrade from 2.8.x to 2.9.x
>
> Just my heads-up that this should be checked.
>
> regards
> Grzegorz Grzybek
>
>
> > And as Jackson is also used by Spring Boot then we are trying to align
> > with the supported version of Jackson that Spring Boot uses. And Camel
> > 2.20.x and 2.21.x is using Spring Boot 1.5.x.
> >
> > And Jackson has sometimes in-compatability issues so its not always an
> > easy upgrade.
> >
> >
> >
> >
> > On Mon, Apr 16, 2018 at 1:00 PM, David Atkins 
> > wrote:
> > > Hello,
> > >
> > > I've recently ran a dependency check on the camel-jackson 2.21.0 and
> > > it appears that the version of jackson being used (2.8.10) has two
> > > High/Severe vulnerabilities.
> > >
> > > To fix this for camel-jackson we'll need to upgrade as follows:
> > >
> > > CVE-2017-17485 - Jackson 2.9.3 or greater
> > > CVE-2018-7489 - Jackson 2.9.5 or greater
> > >
> > > I can see that the parent pom on the mainline has been upgraded to
> > > 2.9.4 (as part of spring boot 2 migration), so that covers
> > > CVE-2017-17485 'for free'
> > >
> > > More information available here:
> > >
> > > https://nvd.nist.gov/vuln/detail/CVE-2017-17485
> > > https://nvd.nist.gov/vuln/detail/CVE-2018-7489
> > >
> > > Shall I raise a JIRA to address this (possible as two separate tickets
> > > to track both issues?)
> > >
> > > Thanks,
> > >
> > > David
> >
> >
> >
> > --
> > Claus Ibsen
> > -
> > http://davsclaus.com @davsclaus
> > Camel in Action 2: https://www.manning.com/ibsen2
> >
>

Re: Apache camel and IBM MQ

[Willem Jiang]

Hi,
It could be a while, I'm not sure if you already find a way to resolve this
kind question.
Here are some pointers which may help you out:
1.You can take a look at the camel-jms component[1] or camel-sjms[2] which
supports the stand JMS message, which could be use to connect the IBM MQ.
2. With the Bean Integration you can add some annotation in your business
implementation bean to handle the message.

[1]
https://github.com/apache/camel/blob/master/components/camel-jms/src/main/docs/jms-component.adoc
[2]
https://github.com/apache/camel/blob/master/components/camel-sjms/src/main/docs/sjms-component.adoc
[3]http://camel.apache.org/pojo-consuming.html


Willem Jiang

Blog: http://willemjiang.blogspot.com (English)
  http://jnn.iteye.com  (Chinese)
Twitter: willemjiang
Weibo: 姜宁willem

On Wed, Apr 11, 2018 at 10:18 AM, Pranay Tonpay  wrote:

> Hi,
> I was looking for some sample code integrating Apache Camel and IBM MQ that
> uses pure annotation driven approach. Can someone please provide me some
> pointers ?
>
> thx
> pranay
>

Re: Re: DirectConsumerNotAvailableException: No consumers available on endpoint

[Martin Lichtin]

Thanks, the block option for the direct: component helped.

However, in general, there's a more apparent timing issue after the version 
upgrade.
If the CamelContext is not ready, then one cannot start routes.
I had to resort to registering a "StartupListener" to be notified, before 
trying to start routes.


On 26.04.2018 19:20, Alex Dettinger wrote:

You may be interested in routes startupOrder

or the block option

which you may need to set to true on your own in 2.19.5.

On Thu, Apr 26, 2018 at 6:24 PM, Martin Lichtin 
wrote:

After upgrading from 2.18 to 2.19.5, I'm often seeing this exception at
startup.
It looks like the auto-started route is not immediately ready?

Using a producer template, it can happen that
"DirectConsumerNotAvailableException" is thrown.
At next try (e.g. a second later) it works.
How can this be avoided?

org.apache.camel.component.direct.DirectConsumerNotAvailableException: No
consumers available on endpoint: direct://myRoute.
Exchange[ID-mypc-27743-1524756340687-3-2]
 at org.apache.camel.component.direct.DirectProducer.process(Dir
ectProducer.java:55)
 at org.apache.camel.processor.CamelInternalProcessor.process(Ca
melInternalProcessor.java:198)
 at org.apache.camel.processor.DelegateAsyncProcessor.process(De
legateAsyncProcessor.java:97)
 at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerC
ache.java:529)
 at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerC
ache.java:497)
 at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCac
he.java:365)
 at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCac
he.java:497)
 at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:225)
 at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultPr
oducerTemplate.java:144)
 at org.apache.camel.impl.DefaultProducerTemplate.sendBodyAndHea
ders(DefaultProducerTemplate.java:257)


Thanks

- Martin

Re: Placeholders are not resolved in Simple language while using resource: prefix

[Jan Bednář]

Opened wish type minor issue 
https://issues.apache.org/jira/browse/CAMEL-12486

AW: [ANNOUNCEMENT] Apache Camel 2.21.1 Released

[Dieter von Holten]

Gut gemacht - weiter so !!


-Ursprüngliche Nachricht-
Von: Gregor Zurowski [mailto:gre...@list.zurowski.org] 
Gesendet: Freitag, 4. Mai 2018 21:48
An: d...@camel.apache.org; users@camel.apache.org
Betreff: [ANNOUNCEMENT] Apache Camel 2.21.1 Released

The Camel community announces the immediate availability of the Camel
2.21.1 patch release. This release contains 52 fixes and improvements applied 
in the past weeks on the 2.21.x branch.

The artifacts are published and ready for you to download [1] either from the 
Apache mirrors or from the Central Maven repository. For more details please 
take a look at the release notes [2, 3].

Many thanks to all who made this release possible.

On behalf of the Camel PMC,
Gregor Zurowski

[1] http://camel.apache.org/download.html
[2] http://camel.apache.org/camel-2211-release.html
[3] 
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12342869=12311211