oscerd opened a new pull request, #706: URL: https://github.com/apache/camel-karaf/pull/706
## What Adds a **Karaf-specific threat model** for camel-karaf, plus the supporting `SECURITY.md` reporting pointer and `AGENTS.md` AI-agent guidelines — mirroring the house style of [`apache/camel`](https://github.com/apache/camel) (`docs/user-manual/.../security-model.adoc` + root `SECURITY.md` + `AGENTS.md` with a Security Model section + `CLAUDE.md` symlink). | File | | |---|---| | `docs/modules/ROOT/pages/security-model.adoc` | the threat model (new) | | `docs/modules/ROOT/nav.adoc` | links the new page in the user guide nav | | `SECURITY.md` | GitHub-rendered reporting pointer to the model + Apache Camel private process (new) | | `AGENTS.md` (+ `CLAUDE.md` symlink) | AI-agent guidelines incl. a Security Model summary (new) | ## Why / approach camel-karaf is a **runtime adapter, not a new data plane**. The data-plane vulnerability classes (unsafe deserialization, XXE, expression/template injection, path traversal, SSRF, header/bean-dispatch abuse, auth bypass, information disclosure, insecure defaults, back-end query injection) live in **Apache Camel core and components**. The model therefore **defers those to the canonical [Apache Camel Security Model](https://github.com/apache/camel/blob/main/docs/user-manual/modules/ROOT/pages/security-model.adoc)** and documents only the **Karaf delta**: - the `camel-core-osgi` resolution layer (must not *widen*, for untrusted message data, a class/bean/component sink flat-classpath Camel core had closed); - the Blueprint DSL as trusted route-author code (equivalent to Java/XML/YAML DSL); - the Karaf shell as a management surface (analogous to camel-management/JMX); - the feature / Pax-URL install model as trusted operator action; - **OSGi is not a security sandbox** — the headline false-friend. It includes a component-family map, input-trust matrix, adversary model, properties provided / not provided, known non-findings (for automated triage), a closed set of triage dispositions, and a dated ratification record. The model is **fully ratified**; provenance tags are retained as the chain of authority cited when closing reports. Produced with the `threat-model-producer` rubric. No code changes; docs only. Build gate not affected. --- _Claude Code on behalf of Andrea Cosentino_ 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
