oscerd opened a new pull request, #22637: URL: https://github.com/apache/camel/pull/22637
## Backport of #22613 Cherry-pick of #22613 onto `camel-4.18.x`. **Original PR:** #22613 — CAMEL-23324: Add deserialization filtering for camel-vertx-http and camel-netty-http helper utilities **Original author:** @oscerd **Target branch:** `camel-4.18.x` ### Conflict resolution One conflict in `NettyHttpHelper.populateNettyHttpOperationFailedException` — 4.18.x used the classic `instanceof` cast pattern while the PR adopted pattern-matching `instanceof`. Resolved by taking the PR's pattern-matching form, which is valid on Java 17 (the branch's required version) and matches the change intent (pass the `deserializationFilter` to the new helper overload). ### Original description Extends the defense-in-depth deserialization filtering pattern applied in CAMEL-23297 (camel-netty), CAMEL-23319 (camel-mina) and CAMEL-23321 (camel-jms/sjms/amqp) to the HTTP transports. - `NettyHttpHelper.deserializeJavaObjectFromStream` and `VertxHttpHelper.deserializeJavaObjectFromStream` now apply an `ObjectInputFilter` on the `ObjectInputStream` used when reading `application/x-java-serialized-object` payloads. - Filter resolution priority: configured pattern → JVM `-Djdk.serialFilter` → default `java.**;javax.**;org.apache.camel.**;!*` - Configured pattern exposed as a new endpoint option `deserializationFilter` (label `advanced,security`, matching the JMS counterpart) on `NettyHttpConfiguration` and `VertxHttpConfiguration`, wired through `NettyHttpProducer` and `DefaultVertxHttpBinding`. Link: https://issues.apache.org/jira/browse/CAMEL-23324 ### Test plan - [x] `NettyHttpHelperDeserializationFilterTest` (4 tests) and existing `NettyHttpTransferExceptionTest` pass - [x] `VertxHttpHelperDeserializationFilterTest` (4 tests) and existing `VertxHttpSerializedBodyTest` (5 tests) pass - [x] Full `mvn clean install -DskipTests` passes from project root _Claude Code on behalf of Andrea Cosentino_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
