oscerd opened a new pull request, #1588: URL: https://github.com/apache/camel-website/pull/1588
## Summary

- Adds the `CVE-2026-33453` security advisory under `content/security/` (Markdown source + clearsigned `.txt.asc`).
- HIGH-severity advisory for an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in the `camel-coap` component. Unauthenticated attackers can inject arbitrary `Camel*` internal headers via CoAP URI query parameters and reach RCE when routes forward to header-sensitive producers (e.g. `camel-exec`).
- Tracked in [CAMEL-23222](https://issues.apache.org/jira/browse/CAMEL-23222). Reported by Hyunwoo Kim (@v4bel).

| Field | Value |
| --- | --- |
| Affected | 4.14.0 before 4.14.6, 4.15.0 before 4.18.1 |
| Fixed | 4.14.6, 4.18.1, 4.19.0 |

## Test plan

- [ ] Hugo build renders `/security/CVE-2026-33453.html` without errors
- [ ] `.txt.asc` PGP signature verifies against the release-signing key
- [ ] Front matter fields (`severity`, `affected`, `fixed`, `cve`) match the existing site styling
- [ ] Advisory appears in the security index page

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
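The weakness class summarised in the pull request above (query parameters becoming `Camel*` headers) is countered by refusing reserved header names at the point where untrusted parameters are mapped to headers. The following is an added example, not code from this pull request or from Apache Camel; the class name, the reserved-prefix list and the sample query (including the made-up header `CamelExampleInternal`) are assumptions, and it assumes the query arrives as a single URI query string.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class CoapQueryHeaderFilter {
    // Assumption: names with these prefixes are reserved for framework-internal use.
    private static final String[] RESERVED = {"camel", "org.apache.camel."};

    /** Headers accepted from the query, plus the parameter names that were refused. */
    record Result(Map<String, String> headers, List<String> rejected) {}

    static boolean isReserved(String name) {
        String n = name.toLowerCase(Locale.ROOT); // match case-insensitively
        for (String prefix : RESERVED) {
            if (n.startsWith(prefix)) return true;
        }
        return false;
    }

    static Result filter(String rawQuery) {
        Map<String, String> headers = new LinkedHashMap<>();
        List<String> rejected = new ArrayList<>();
        if (rawQuery == null || rawQuery.isEmpty()) return new Result(headers, rejected);
        for (String pair : rawQuery.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            // Decode before checking, so a percent-encoded name cannot pass the prefix test.
            String name = URLDecoder.decode(eq < 0 ? pair : pair.substring(0, eq), StandardCharsets.UTF_8).strip();
            String value = eq < 0 ? "" : URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            if (isReserved(name)) {
                rejected.add(name); // worth logging: a reserved name arrived from the network
            } else {
                headers.put(name, value);
            }
        }
        return new Result(headers, rejected);
    }

    public static void main(String[] args) {
        // Constructed sample query; the second Camel-prefixed name is percent-encoded.
        Result r = filter("unit=celsius&CamelExampleInternal=x&%63amelExampleInternal=y&id=42");
        System.out.println("accepted: " + r.headers());
        System.out.println("rejected: " + r.rejected());
    }
}
```

The rejected list doubles as a detection signal: reserved names showing up in inbound CoAP queries on an affected version are worth alerting on.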
