This is an automated email from the ASF dual-hosted git repository.
oscerd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 95e44042acf3 CAMEL-23783: document the camel-schematron XXE hardening in the 4.18.3 and 4.14.8 upgrade guides
95e44042acf3 is described below
commit 95e44042acf34e5a3f4ce00e82d09a4fe10c2260
Author: Andrea Cosentino <[email protected]>
AuthorDate: Fri Jun 19 18:05:41 2026 +0200
CAMEL-23783: document the camel-schematron XXE hardening in the 4.18.3 and 4.14.8 upgrade guides
Closes #24138.
---
.../modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc | 13 +++++++++++++
.../modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc | 13 +++++++++++++
2 files changed, 26 insertions(+)
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
index a7153e3f49a5..9c3d8a44f813 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_14.adoc
@@ -995,6 +995,19 @@ the removed headers were redundant with the endpoint
configuration. Routes that
on reading `CamelDaprPubSubName` / `CamelDaprTopic` from a consumed exchange
should read
the configured destination from the endpoint URI instead.
+=== camel-schematron - potential breaking change
+
+The Schematron rules-compilation `TransformerFactory` now runs with secure
processing enabled
+(`FEATURE_SECURE_PROCESSING`) and with external DTD and external stylesheet
access disabled
+(`accessExternalDTD` and `accessExternalStylesheet` set to empty), as
defense-in-depth against XXE and
+external-resource resolution while compiling Schematron rules. This matches
the hardening already applied
+to the component's `SAXParserFactory`. The bundled ISO Schematron skeleton
stylesheets continue to be
+resolved from the classpath via the component's `URIResolver` and are
therefore unaffected.
+
+If your Schematron rules legitimately reference an external DTD, external
entity, or external stylesheet,
+those references will no longer be resolved and rule compilation will fail;
inline the referenced content
+instead.
+
== Upgrading from 4.14.2 to 4.14.3
=== camel-tika
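Review bot: the new `=== camel-schematron - potential breaking change` heading is added directly after the context line `the configured destination from the endpoint URI instead.` with no empty line in between, while the section itself ends with an empty line before `== Upgrading from 4.14.2 to 4.14.3`; insert a blank line before the heading so it matches the spacing used elsewhere in this guide. On content, the second paragraph tells users that rule compilation "will fail" for rules referencing an external DTD, entity or stylesheet and to inline the content, but does not say whether the new `FEATURE_SECURE_PROCESSING` / `accessExternalDTD` / `accessExternalStylesheet` settings can be switched off; if there is no opt-out, say so explicitly, and if there is one, name it, so readers know whether inlining is the only path. Consider also expanding "XXE" on first use (XML External Entity), since upgrade-guide readers may not know the acronym.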
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
index f483d39099fc..cf6a89fd6f47 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_18.adoc
@@ -1097,6 +1097,19 @@ the removed headers were redundant with the endpoint
configuration. Routes that
on reading `CamelDaprPubSubName` / `CamelDaprTopic` from a consumed exchange
should read
the configured destination from the endpoint URI instead.
+=== camel-schematron - potential breaking change
+
+The Schematron rules-compilation `TransformerFactory` now runs with secure
processing enabled
+(`FEATURE_SECURE_PROCESSING`) and with external DTD and external stylesheet
access disabled
+(`accessExternalDTD` and `accessExternalStylesheet` set to empty), as
defense-in-depth against XXE and
+external-resource resolution while compiling Schematron rules. This matches
the hardening already applied
+to the component's `SAXParserFactory`. The bundled ISO Schematron skeleton
stylesheets continue to be
+resolved from the classpath via the component's `URIResolver` and are
therefore unaffected.
+
+If your Schematron rules legitimately reference an external DTD, external
entity, or external stylesheet,
+those references will no longer be resolved and rule compilation will fail;
inline the referenced content
+instead.
+
== Upgrading from 4.18.0 to 4.18.1
=== camel-bom
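Review bot: "set to empty" in the first paragraph is imprecise; the JAXP properties `accessExternalDTD` and `accessExternalStylesheet` take a comma-separated list of allowed protocols, and the empty string means no protocol is allowed, so phrase it as "set to the empty string, which disallows every external protocol" so readers understand why "those references will no longer be resolved". The same missing blank line before `+=== camel-schematron - potential breaking change` after the `CamelDaprTopic` context line appears here as in the 4.14 guide, and since the two sections are word-for-word identical, any wording fix should be applied to both files in the same change.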