oscerd opened a new pull request, #22497: URL: https://github.com/apache/camel/pull/22497
## Backport of #22490 Cherry-pick of #22490 onto `camel-4.18.x`. **Original PR:** #22490 - CAMEL-23297: Add deserialization filtering to camel-netty converters and codecs **Original author:** @oscerd **Target branch:** `camel-4.18.x` ### Original description _Claude Code on behalf of Andrea Cosentino_ Adds `ObjectInputFilter` support to camel-netty's deserialization paths to restrict which classes can be instantiated during Java deserialization of network data. ### Changes: - **NettyConverter.toObjectInput()**: Applies a default `ObjectInputFilter` (`java.**;javax.**;org.apache.camel.**;!*`) when converting `ByteBuf` to `ObjectInput`. Respects JVM-wide filter (`jdk.serialFilter`) if already set. - **ObjectDecoder**: Reimplemented to support `ObjectInputFilter`. Compatible with Netty's `CompactObjectOutputStream` wire format. Accepts an optional `deserializationFilter` pattern. Logs a warning when no filter is configured. - **DatagramPacketObjectDecoder**: New constructor accepting `deserializationFilter`, passed through to `ObjectDecoder`. Fixes: https://issues.apache.org/jira/browse/CAMEL-23297 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
