This is an automated email from the ASF dual-hosted git repository.

oscerd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 984e8d268c7e CAMEL-23522: doc-sync 4.18 upgrade guide for camel-mail mail.smtp.* gating (#23383)
984e8d268c7e is described below

commit 984e8d268c7ece426cf72510fb3827eb0a157c3a
Author: Andrea Cosentino <[email protected]>
AuthorDate: Thu May 21 10:21:22 2026 +0200

    CAMEL-23522: doc-sync 4.18 upgrade guide for camel-mail mail.smtp.* gating (#23383)
    
    Mirror the 4.18.x upgrade-guide entry for CAMEL-23522 (camel-mail - gate JavaMail session
    properties from headers behind opt-in) onto main, per the project's backport upgrade-guide
    policy: the camel-4x-upgrade-guide-4_XX.adoc files on main act as the canonical history
    across all releases, so any entry added on a maintenance branch must also land here.
    
    Companion to the backport PR against camel-4.18.x (#23381) and the main PR (#23362).
    
    Signed-off-by: Andrea Cosentino <[email protected]>
---
 .../ROOT/pages/camel-4x-upgrade-guide-4_18.adoc    | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git 
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc 
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
index e23a680c3818..462bca9b9a4c 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
@@ -210,6 +210,29 @@ this pattern now fails fast with an 
`IllegalArgumentException` (wrapped in a
 `Neo4jOperationException`) instead of producing a malformed query. Property 
values continue to be
 passed as bound query parameters and are unaffected.
 
+=== camel-mail
+
+The SMTP producer no longer extracts dynamic JavaMail session properties from 
message headers by
+default. Previously any message header whose key started with `mail.smtp.` (or 
`mail.smtps.`) was
+applied to a per-message `JavaMailSender`, which meant an upstream producer 
that mapped untrusted
+input into the exchange header map (for example `platform-http` query 
parameters, JMS or Kafka
+messages from untrusted producers) could override transport-security settings 
such as
+`mail.smtp.ssl.trust` or `mail.smtp.starttls.enable`, or redirect the SMTP 
connection.
+
+This behaviour is now disabled by default. Routes that legitimately rely on 
per-message
+`mail.smtp.*` / `mail.smtps.*` headers must opt back in on the endpoint:
+
+[source,java]
+----
+.to("smtp://mymailserver:1234?useJavaMailSessionPropertiesFromHeaders=true");
+----
+
+Even with the opt-in, route authors should still strip the namespace with
+`removeHeaders("mail.smtp.*", "mail.smtps.*")` between any untrusted ingress 
and the mail producer.
+
+In addition, the inbound `MailHeaderFilterStrategy` now blocks the 
`mail.smtp.` / `mail.smtps.`
+prefix as well, so an external mail message can no longer inject these into a 
downstream exchange.
+
 == Upgrading from 4.18.0 to 4.18.1
 
 === camel-bom
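Review bot: the header-stripping advice in this hunk, `removeHeaders("mail.smtp.*", "mail.smtps.*")`, does not remove the `mail.smtps.*` headers it is meant to remove: in the Camel Java DSL the second and later arguments of `removeHeaders` are exclude patterns (headers matching them are kept), not extra patterns to remove, so as written only `mail.smtp.*` headers are dropped and `mail.smtps.*` headers pass through to the producer. Suggest documenting either a single wildcard that covers both prefixes, `removeHeaders("mail.smtp*")`, or two separate calls, `removeHeaders("mail.smtp.*")` followed by `removeHeaders("mail.smtps.*")`, so that readers who copy the guide's snippet actually strip the whole namespace the entry warns about (the same prefixes the inbound `MailHeaderFilterStrategy` now blocks). It would also be worth rendering that snippet as a `[source,java]` block like the endpoint example above it, rather than inline, since it is the mitigation readers are expected to apply even after opting in.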
