oscerd opened a new pull request, #24181: URL: https://github.com/apache/camel/pull/24181
Backport of #24177 to `camel-4.18.x`.

`camel-jacksonxml`'s default `XmlMapper` now enables `MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES`, mirroring the hardening applied to `camel-jackson` (CAMEL-23786).

Defense-in-depth against gadget-chain deserialization: when polymorphic / default typing is enabled, Jackson refuses unsafe base types (`Object`, `Serializable`, `Comparable`). Ordinary marshalling/unmarshalling is unchanged; opt out by supplying your own `XmlMapper` via the `xmlMapper` option.

Code + test only — the upgrade-guide entry lives on `main` (per the docs-on-main policy).

---

_AI-generated by Claude Code on behalf of Andrea Cosentino._

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
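The effect of the feature named in the description, as an added example that is not part of the pull request or of Camel's code: a stock `XmlMapper` and one built with `MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES` read the same document into a type that declares a class-name type id on an `Object` field. The `Envelope` and `Note` classes and the `type` property name are constructed for illustration, and the code assumes `jackson-dataformat-xml` 2.10 or later on the classpath.

```java
import com.fasterxml.jackson.annotation.JsonTypeInfo;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.dataformat.xml.XmlMapper;

public class UnsafeBaseTypeDemo {

    // Constructed sample type: the document itself names the class to
    // instantiate, and the declared base type is Object.
    public static class Envelope {
        @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, property = "type")
        public Object payload;
    }

    // Harmless stand-in for the class named in the document.
    public static class Note {
        public String text;
    }

    // True if the mapper binds the payload to a Note, false if it refuses.
    static boolean accepts(XmlMapper mapper, String xml) {
        try {
            return mapper.readValue(xml, Envelope.class).payload instanceof Note;
        } catch (JsonProcessingException | IllegalArgumentException e) {
            System.out.println("refused: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Jackson 2.x default: the feature is off.
        XmlMapper permissive = new XmlMapper();
        // Same feature the description says the component's default mapper now enables.
        XmlMapper hardened = XmlMapper.builder()
                .enable(MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES)
                .build();

        // Produce the sample document with the permissive mapper so the
        // type id is written exactly as Jackson expects to read it back.
        Note note = new Note();
        note.text = "hello";
        Envelope envelope = new Envelope();
        envelope.payload = note;
        String xml = permissive.writeValueAsString(envelope);

        System.out.println(xml);
        System.out.println("permissive accepts: " + accepts(permissive, xml));
        System.out.println("hardened accepts:   " + accepts(hardened, xml));
    }
}
```

A type with no polymorphic type information on an unsafe base type binds identically under both mappers, which is why the description calls ordinary marshalling unchanged.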
