This is an automated email from the ASF dual-hosted git repository. oscerd pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-website.git
commit b910753b91cef08e38fb1b8a2ccf38c2fd1a40f8 Author: Andrea Cosentino <[email protected]> AuthorDate: Fri Jul 3 13:56:23 2026 +0200 Update June 2026 CVE advisory dates to 2026-07-03 release date and re-sign Bump the date frontmatter of the 28 unreleased June-2026 CVE advisories (previously staggered across 2026-06-09/10/11/18) to the 2026-07-03 release date, and regenerate/re-sign each clearsigned .txt.asc with key 27663406EB6DBAF5291F2615E34E9F3802FF4100 (SHA512) so the signed copies match. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> Signed-off-by: Andrea Cosentino <[email protected]> --- content/security/CVE-2026-40047.md | 2 +- content/security/CVE-2026-40047.txt.asc | 18 +++++++++--------- content/security/CVE-2026-40859.md | 2 +- content/security/CVE-2026-40859.txt.asc | 18 +++++++++--------- content/security/CVE-2026-43865.md | 2 +- content/security/CVE-2026-43865.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46453.md | 2 +- content/security/CVE-2026-46453.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46454.md | 2 +- content/security/CVE-2026-46454.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46455.md | 2 +- content/security/CVE-2026-46455.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46456.md | 2 +- content/security/CVE-2026-46456.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46457.md | 2 +- content/security/CVE-2026-46457.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46584.md | 2 +- content/security/CVE-2026-46584.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46585.md | 2 +- content/security/CVE-2026-46585.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46590.md | 2 +- content/security/CVE-2026-46590.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46591.md | 2 +- content/security/CVE-2026-46591.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46592.md | 2 +- content/security/CVE-2026-46592.txt.asc | 18 +++++++++--------- content/security/CVE-2026-46726.md | 2 +- content/security/CVE-2026-46726.txt.asc | 18 +++++++++--------- content/security/CVE-2026-48203.md | 2 +- content/security/CVE-2026-48203.txt.asc | 18 +++++++++--------- content/security/CVE-2026-48204.md | 2 +- content/security/CVE-2026-48204.txt.asc | 18 +++++++++--------- content/security/CVE-2026-48205.md | 2 +- content/security/CVE-2026-48205.txt.asc | 18 +++++++++--------- content/security/CVE-2026-48206.md | 2 +- content/security/CVE-2026-48206.txt.asc | 18 +++++++++--------- content/security/CVE-2026-49086.md | 2 +- content/security/CVE-2026-49086.txt.asc | 18 +++++++++--------- content/security/CVE-2026-49097.md | 2 +- content/security/CVE-2026-49097.txt.asc | 18 +++++++++--------- content/security/CVE-2026-49098.md | 2 +- content/security/CVE-2026-49098.txt.asc | 18 +++++++++--------- content/security/CVE-2026-49099.md | 2 +- content/security/CVE-2026-49099.txt.asc | 18 +++++++++--------- content/security/CVE-2026-49365.md | 2 +- content/security/CVE-2026-49365.txt.asc | 18 +++++++++--------- content/security/CVE-2026-53913.md | 2 +- content/security/CVE-2026-53913.txt.asc | 18 +++++++++--------- content/security/CVE-2026-55993.md | 2 +- content/security/CVE-2026-55993.txt.asc | 18 +++++++++--------- content/security/CVE-2026-55994.md | 2 +- content/security/CVE-2026-55994.txt.asc | 18 +++++++++--------- content/security/CVE-2026-56139.md | 2 +- content/security/CVE-2026-56139.txt.asc | 18 +++++++++--------- content/security/CVE-2026-56140.md | 2 +- content/security/CVE-2026-56140.txt.asc | 18 +++++++++--------- 56 files changed, 280 insertions(+), 280 deletions(-) diff --git a/content/security/CVE-2026-40047.md b/content/security/CVE-2026-40047.md index f5f51f85..0b0349cd 100644 --- a/content/security/CVE-2026-40047.md +++ b/content/security/CVE-2026-40047.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-40047" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-40047.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-40047.txt.asc b/content/security/CVE-2026-40047.txt.asc index c3a45889..7b731d29 100644 --- a/content/security/CVE-2026-40047.txt.asc +++ b/content/security/CVE-2026-40047.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-40047" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-40047.html draft: false type: security-advisory @@ -22,12 +22,12 @@ The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23212 refers to the The fix was merged on the main branch in https://github.com/apache/camel/pull/22082 (commit f86fda0442c65b9d13ce3aa8ac676233b64e3351) and is first available in the 4.19.0 release. The 4.18.x LTS backport is https://github.com/apache/camel/pull/22767 (commit 1fa56f45901f50aa79849ff2d2ca83dd57f6991c) and is included in the 4.18.3 release. -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmonxIoACgkQ406fOAL/ -QQB6Rgf/W+8PipISDOVlnYXCzTzBhTgrj1o9agjzlU571G8hxJN9EMvK/w/B4iq4 -g43ehFioYgGlSSkzM2O7mg+bG+uE0BjW65JN1/NReAaEekBWMrgVXmqa6RXrsNcX -dfIPL9+z58cCclL/UZ/pHCzajuhV5j/CcUjuwSR9zjNgZNLmTSX9kjxk3zVRCN5n -pDtlGynJZzvv+ULT8ALLGAj2Mj+Kx3t9uHVo+Tqtrn1JjJaf8fbamimiGXQZuTDs -AT4kMnZS+fFE4whyp///1vTJemXF9aew7JArvRn+dPn/3dL5LIto3kVs2rxBAO7G -V2p9Qsb3wbH/bNMT0kMarGZRdY2Xaw== -=su0K +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHogoACgkQ406fOAL/ +QQAb4wf9Hqok75rGfvSanjAqAxp3z0LwovhYLCdlQ7A4JTREBM+T8DtlTo9utcFW +KOyxa08Fo8/T1oIQ0EUvZSHcNk4xi/ZelPprlfCPMdMH0j5YLC+YUYp9BoD6wAOD +U5u8Ps4BodWXKZDBxF8c7nc8d/ewUth23kiBctxUeCewusILgI0dQS72iiq0kKu3 +rqF5s+Yp8dHKtJVi9XbmX6O1slWTZcEHh7La6GuX4hBei3hjbjcLp75JjW8wXuM3 +4Y9S82AiWwSGg9eVb0L6GJbdVdsXZVZJXx+41123i/48HBY5z4iEzHy7Kk5jSr7G +caTU6CCAB8lzUS8eMuFKZkEAnK5GmQ== +=EpA3 -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-40859.md b/content/security/CVE-2026-40859.md index 0925b1cd..954ea542 100644 --- a/content/security/CVE-2026-40859.md +++ b/content/security/CVE-2026-40859.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-40859" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-40859.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-40859.txt.asc b/content/security/CVE-2026-40859.txt.asc index a13b1cef..67f90795 100644 --- a/content/security/CVE-2026-40859.txt.asc +++ b/content/security/CVE-2026-40859.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-40859" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-40859.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.20.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23324 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/22613 (commit e735f56b4bcae040a6a113a83bf08d41b8696c43, released in 4.20.0) and backported to camel-4.18.x (commit a3835afef108fef9eaf04165faed91784889407f, PR #22637) and camel-4.14.x (commit 04019cf90a4b09e263d2df4ad4cacea85a9d72ee, PR #22768). Exploitation requires the non-def [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1gACgkQ406fOAL/ -QQCI/Af7BEYPiylFrYj4t+6AasXVYgUAw5A9AVZ63zB9svw/d4CCGG38hTHTc8aD -SJ+1zE5e444dGG0DLHwauQm/46N+Seh1m90SHc13fGYz/eUGzuashb3dO3VOiaLn -tHBJmoUeNl7CGnFAuVFg1o5ISualI24WWMVP23uZAgFpWPIiZ6Uxi0uAF+J5YhUK -xJpkP7e2AT+tzkOluFnIKzmewIYoFmzFDJ+glhoTpTgF424aLpeopBQMais6mn56 -POnaWy8bGcHb93DZJX1PKJZHB/xrogABUuIm8XDKX9xuVJVgL5eOZUzyA31POH8p -NPHIBUNlymSRkSQrTev0fd0AFcVzJw== -=z6i8 +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQBO5wf+L92ho3JD8gFYQP6dVPaieUfQmPiz3SMAdjKWiEnGX+Fe53Qbg81g/+Ww +KwcFv4DZQlpw1oDzj4oowR5ROSSm4eASsZ5Wgoy2orpnNSSJhFdz0rb+zQAkHCIr +pI2vMnfhlafsYmu7XiJBamFHOD7WEFgGFpggjhhnmOWCXpqvE0DusaC4oIQYhako +JWMX86Zoi5cSFg7UC0W/pRshtWkRniOMKDR4nV2lmiJIT4eXb4CzJzCrR7mpGt6q +mDH2vGp9Zu90MhzHRSulYodCI2BhAE4NuUyW47hwvcJRIP/ZqUl+5HZ45xGGW88z +kjfVFhvRe4PF/rFjuzvNz3lIvwSqSg== +=awbO -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-43865.md b/content/security/CVE-2026-43865.md index 3816671b..3762f1f9 100644 --- a/content/security/CVE-2026-43865.md +++ b/content/security/CVE-2026-43865.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-43865" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-43865.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-43865.txt.asc b/content/security/CVE-2026-43865.txt.asc index 0b90239d..48f5f741 100644 --- a/content/security/CVE-2026-43865.txt.asc +++ b/content/security/CVE-2026-43865.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-43865" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-43865.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23414 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/22943 (commit 7a309042f22493082647a410d9d8cafd672b1c74) and backported to camel-4.18.x (commit 5caf4368551f6d3b61690d5db03869491390d446) and camel-4.14.x (commit 974a11b5ed5e2d50722f33aa48f61898395ea45b). This issue is distinct from the Hazelcast library deserialization advisorie [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1gACgkQ406fOAL/ -QQC3aQf+J/TnVKZ57Thfhkxm1tkg0ApytR715TjMTazsGIH49J6d1ImumKuGDLKa -7Tdj1ZPfDhOpca3wclTjCgw0ELR1benN4fLMmGmXV30ukIhQkpCUqoBo9dOS4lPX -vA/A0Z+lpcLoGGyIp0mOlZr0YfMKaMor10KI2Hp3MeXJuzAbW8PyekkywfoWW+ze -XAhc7sCZvbLAroNwP203RBfMjVmYhUKl9+TnRf30HVXD6dCeJp30oByqC+5Miyr8 -RphtOfFNiZpSzgcEdsoUl7Qz8sDZ4nhPjLYuNTONSsDZp/aVLJVN+lAk3Yynw3Q5 -s/FpR1j0k2ogeH/k1cNXsaFOe+kUWQ== -=i3eL +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQDN7QgAl2X1rj8azDfXk+q/57I9BTgXcERXbe3e3Y8DuvC8hhZ6T1KeTTKtGZGa +5vI/I99GI5xMZmLPzmoYJ01rX9VkefZ686PosgtUaWR9qz2MkCrL99jLnhQmGcix +EaC1SRosK0jHU9Mk2pibb9/C7n1xxy1/RcxVfXJfHQVluMkd9vIvg3rp2MzxVX9W +hkjtxKVbLHtICHmTgHWawq9DYSv7UVjBejfRIBenWY8WozAqh92bkluB4oPIPXpm +lna8XQGxR9UjgkHAuHcaazeIoxvBK+ZTO0TUjzGQpUhyp5eQp1PHNDijVE5HazuY +Btb+OHO4w8d/D1Xk09ic3rOZkC2FDw== +=TU4i -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46453.md b/content/security/CVE-2026-46453.md index fe3dea88..99e489a3 100644 --- a/content/security/CVE-2026-46453.md +++ b/content/security/CVE-2026-46453.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46453" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46453.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46453.txt.asc b/content/security/CVE-2026-46453.txt.asc index 40075449..1e4348d2 100644 --- a/content/security/CVE-2026-46453.txt.asc +++ b/content/security/CVE-2026-46453.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46453" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46453.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23508 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23212 (commit 81f3a625c8853d6dff5fd748a0da9dba259c4076) and backported to camel-4.18.x (commit ff88400e3a95af16e17d553b34d3752d96496c5d, PR #23244) and camel-4.14.x (commit 0a87d31c8d19f59da4a5477bde192cc258ecc5d7, PR #23360). The issue is classified as CWE-20 (Improper Input Val [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1gACgkQ406fOAL/ -QQDamggAqGeXRUdFnHe6nDcu+ASEi6M3OLc0YzpB3/RU/gfJrEo4rCwqN/TnTJIb -+jBYw8SkJ0D9oj/XKcdGV6A7UXxR1ZZHb7O+e16+PnPOLzsaBx/lKanwipWTFHUG -Xu2cLWZJLs9xAGqUL0HvyUSiXYBZca2Ri/17TFoj5Ua8boVmfaRD8yoC3A9WAbmG -T+m6hacARTh9xd8v/G2TE0bGtNgqxD520BDOlLHMJyAy2dRvXR2F8HFt09EedxQ3 -FFpSTFEyrLtXi1I/oeMZ633Tv8VrKjAdZiNeYcVDBFkN95cZautgR09WV5geiTuW -5Pk0e66vZGB668e31TCXFz5tw4kneQ== -=v1L2 +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQC/Igf7BjM+PIbNYZjz2TkwVYQ9RNL3+HATKXrX5MhB/IqCF7PasI1q2sDbE39G +qn/QZlERdzrqzHj0/MQxl6RbLoAf+0F91BXBrEHrVKTTXRQTbQCUY67mpxFxNMS+ +TkR+UMW9rnRNU2C+6MtAdbAk61+PteMKvM+uWopgxlGloAQ6sDLucrbIGpCkMsoW +p7Ptg+DzuJV11D9SR/cjxgUJZWiUyFGp/9Q0yuAigdhhjRAP2Da3cdkoLi9nx5ls +4DOP8047An9JxyAWYSsI6/rhRCsM/rq1YXdw6uf8PA9HXGlgnaYVucSg9lZ6aH7g +sf+eNXLDx9ItDfGHbpbcozBKFEvC7g== +=TJ+G -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46454.md b/content/security/CVE-2026-46454.md index e9ee312c..e03fa861 100644 --- a/content/security/CVE-2026-46454.md +++ b/content/security/CVE-2026-46454.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46454" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46454.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46454.txt.asc b/content/security/CVE-2026-46454.txt.asc index 6b9cfffa..e6d7fc86 100644 --- a/content/security/CVE-2026-46454.txt.asc +++ b/content/security/CVE-2026-46454.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46454" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46454.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23507 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23211 (commit e20bdc2a6a3fd1128bcebe1b64c8e8589f0bc57d) and backported to camel-4.18.x (commit e9c741b4908dcffc0e1a7b1a5e6207a46aaac608) and camel-4.14.x (commit 6fad391f9f5257b93ce07d9b8e5e7f486210d4f5). The issue is classified as CWE-20 (Improper Input Validation). It belongs t [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1gACgkQ406fOAL/ -QQB3NggAglQ6mf5GsX6ZvYP3oQ5G1UOT6gj4A8Es96Da+1jz6tM2bQSu1TQvHXqm -W/FDia5jm8e8+FmlXXv7kQlUy0K3EqMeAq1E3i9LCmKYQLFx+fcSJ1H9a4WrT376 -cGZg0CGB2dlYMdGrevcGek40l3BMzbwyM5CqqigBDiJGJETWmLObiLTxenWUYoNf -diPLOMrGh+YNdw12RFRuLtzUizpgBnyPJnnSbfGbJRUvZoSo9jn5Ng5PhB1Q8yow -IGG+Vfnq5hAgLB21LmFVqeG6lHpCqdk63XbMGbPx31Tbsp5AX1vDFx6RbqN0nx+L -nxrzyTMYoYBChnanLJ75Cst6kKLkDQ== -=U8FA +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQBlyQf6AjfMnmga43DitsUbzyRUBO9dCPsBIP5hYzg+GkC5o1wSeRCRS/Ai9bQp +g7/RFDU3Ftv+qzRVe6jjguVX5GYM03TFuk1Vf4y+15bw/BcIqxv4SbdvzKgitAw3 +CblnvI2C5/YhAM9Y3pmdlJatFTqXeweDNbitRqnfA9pd1ZpZ2IuJ8Go75WqH6/bt +S4rW1rmpnIOcU39qmQ7BqhLOhyGGgmhznuUmYfD1jQ/cZCrn8WxpD01095y05f3L +iRH0YxxPGtRs6eFhk6CGrAg27uW9LXbWaYb11wTtLe18R+Ze14AOnV/DZRBUMCFE +XDpKoOwXBCT/2XojbZRQnYKszUDqmA== +=Y2rC -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46455.md b/content/security/CVE-2026-46455.md index f654d67e..05d68765 100644 --- a/content/security/CVE-2026-46455.md +++ b/content/security/CVE-2026-46455.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46455" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46455.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46455.txt.asc b/content/security/CVE-2026-46455.txt.asc index 082b7a9d..7381e5aa 100644 --- a/content/security/CVE-2026-46455.txt.asc +++ b/content/security/CVE-2026-46455.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46455" -date: 2026-06-09T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46455.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23504 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23197 (commit 39133b1ada37c60dea53f3b7db720dbd2ae73fa6) and backported to camel-4.18.x (commit 7f4c4736021aff4fad925eca3bf456b95db038f3, PR #23204). The fix adds TokenVerifier.IS_ACTIVE to the withChecks(...) invocation so the token's validity window (exp/nbf) is enforced alongsi [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1gACgkQ406fOAL/ -QQDo8wf/XBm1JBWDXpdGCgvc8oWwUxantkITRlC4p8kocMB7ZZxYPcn8uf507aJU -N63qPGxNHKc0o+cA0uzHR7TzHvc7KnsSAQz9EV+6K6xHRE2IEcWcK/MEg+6f4orQ -brZ1YQi1M2uAWaW3iv8lSxrcPye/nJrgW6lTFugKzTXlHjxGddNpGs/IdqvlaPe3 -lEM31FJilb5+AF+8iKVW+6R5eOlFI0nEKg5SuwmTzYNgul7Y5gj1V5i+H2Dz0J/b -8ve3rA3+l/K3dKf2yr2p7SxNN2SICT35NpwNKR/dCN8W1fcAQHRsRD+RVAOm64lN -sx5nc9uePTl4X9S4ChdpFjXV/+a0oA== -=l9Wj +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQDvgAf+KnYnPoB3TX6EAhYrPti3hzsiAD1M48fhRf3qe8iU/3bJnm3DySZvXqVQ +a7ERLS3+WA8Wt5hnwVRwK5H5nkQ+myAlev/G5W19+LaXw1BY201kMF3q9JhiSBlE +zyPgrFkS6bBLPVzOjtwZaCi8xRZx4AC3qjmpOX3O/OfbyejeYfufiBkMXuGNDYSl +2F07TVQJmTBCntlrs7Dvz2kvVkexb6XEV2izX9/PlG08d/GnYqqj0AQ5c1DfUgf2 +e7Mm1HSStfylQBNJotXzKUMw/W0xw0V19FpGXuAs6sSQSCJBtvv2F05ChdmmFFPU +eOroFjmaEC4qqdJ3mKiTcf+JOV2Stw== +=petq -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46456.md b/content/security/CVE-2026-46456.md index cb22f1f2..a8477841 100644 --- a/content/security/CVE-2026-46456.md +++ b/content/security/CVE-2026-46456.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46456" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46456.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46456.txt.asc b/content/security/CVE-2026-46456.txt.asc index a4337324..747448fd 100644 --- a/content/security/CVE-2026-46456.txt.asc +++ b/content/security/CVE-2026-46456.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46456" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46456.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23506 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23221 (commit 5f57258fb33d33ef99df10594f8fe9f11d7c2b7e) and backported to camel-4.18.x (commit 7b334be0419839097a132d4ff3427fc4083e695e) and camel-4.14.x (commit b7f78292e747a28dbf5da444265557b5f9f3c1a1). The issue is classified as CWE-20 (Improper Input Validation). It belongs t [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmo1FZQACgkQ406fOAL/ -QQA2GwgAtv+cPj7UTlFy4uI/exPy9K6PDkLgzvZJozUp1/WOZUnmu9DK/fVp2yHG -9gsET7HZ32I/PhRKL/eWqMzi2g30kYC4iDHzY7yexDDBTLR3WJD9uqZDd3gBveeC -z9WF4Iki8Kxn+T8zQEVVYouqaXDxxlJbowwz/1DpPfAdoGVnf1mgwYbxQkserpvl -CMmWCWYpcqeMwdwhym/FjgFT9dCf6Q8jqz3vFZUYFdCeEBFoib++OY3I7uBOaUW5 -U4ACPZtNFjp+5VmfVDIq0A7E8vUIh9xAr+UDKW5hNdZOuwCfRqgy1KNNUhv1SKda -KGG4goSkEYuN/xrGzukDUiQGVAj8mA== -=de39 +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQDC0wgAvwaDpZY+pwEqntncXb0FEeBBfw2zaKbiP4obgBfdZWRTHeQqfEAI0Hn5 +ahzC1TrhUhU3kY0mMUY2qZu4bS0Pl1OLpGHzD7LvbCKjvY0NqTPBrj4eVsZx/H3V +hrTK88/AQlrrplo4g+kY8qJfhuieE7kAttmvMgV0jC4qf6dLkh8zzOjrkFL/S47V +n8Ha6qBrUPnzcP0puo7oP2kSvsiY2Z16l0uyiCfM6Hfm4akXFOdvg0kpfPV7Vxv+ +HlubuFZQOGn9Ns+QZVGfhAliI6JE5mAMcAop/cFXz48FzUFKMyvtj7iWaP0tLoZk +Tf12/1M5bGoRjBrscyblJePVnmad/w== +=Rn3y -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46457.md b/content/security/CVE-2026-46457.md index c36eeb23..cade3034 100644 --- a/content/security/CVE-2026-46457.md +++ b/content/security/CVE-2026-46457.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46457" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46457.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46457.txt.asc b/content/security/CVE-2026-46457.txt.asc index 0edd208a..13d89aad 100644 --- a/content/security/CVE-2026-46457.txt.asc +++ b/content/security/CVE-2026-46457.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46457" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46457.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23515 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23233 (commit be8aad96fa04f81d2b58884e27ba6755c9ad2718) and backported to camel-4.18.x (commit 67f7ea7465a1bf637339975c69a82327890e22f0) and camel-4.14.x (commit f7022926ca9c1c94866bf32596c9869f424a3b2c). The issue is classified as CWE-20 (Improper Input Validation). It belongs t [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1gACgkQ406fOAL/ -QQDzTQgAr9BVaoZjAaIwiL4/8uNezA7wVscghYmsDf4Y6w3cOdFLsslmOm0Lfj3k -01d/e+fy+Asyo3TNOl9/qQ1NC+Zfw+fVOBOiTHh4z9s33hsCROc9I9SQjU3GOawZ -wXWIs0t5hR/VoPz59CVP9gP90utERQvXdUztYa1PIE+2KO4gkCPeDByUTnrbJ78P -M091Hvq9CHPkah+VThF9AWvc+EwGzcLu/9718vtqjDEH14r/YzXvFOFHJamiA7Zg -dq37whL34QCciN7dUF30yNa1lUttQxM5Lf+jwRljQlNyXtwM+s6fRSRhrTLEQK0R -ZyS4JO+MArhrOdTqpPVPiegFYpD9kQ== -=mCP5 +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQDr1Qf9FPJUFqqNces+/5VvT4SjWxT2aGIsNQzPETle/d35DdFHByeo4neBhgGE +jctbqDifY+LMF5TnlN+kyAmaManvTQy6VIolP2rzjdaelrmGETmASlWxs9E5QC5g +m0nIOgedVXi/HMsSzEHZENpvD4VF7cMHEPYPjyYBWGFERkx1rPiTF6qflIVqFnrF +sLdB1RV4GZmVT/UH0ax4k2PXcRF/uP5vvPlyZM7CrHDPWgpWHMrPRree+IT4cf2+ ++i1XCEoJTNC1qefjKeA/2GlBPVGLHGbX0SnHxscxglB1qxBa5VZuMN0OAcNAztUs +Bcfvyg2BAMm0J2X8aI8G91uH4MASnA== +=Bx4Y -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46584.md b/content/security/CVE-2026-46584.md index 6023a364..28e3f3c1 100644 --- a/content/security/CVE-2026-46584.md +++ b/content/security/CVE-2026-46584.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46584" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46584.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46584.txt.asc b/content/security/CVE-2026-46584.txt.asc index 9051ba15..fe93d1d0 100644 --- a/content/security/CVE-2026-46584.txt.asc +++ b/content/security/CVE-2026-46584.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46584" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46584.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23522 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23362 (commit 1e31abca3213cde447a2ded1adc070ffec6836f1) and backported to camel-4.18.x (commit 725175e3aa16216361acc8497345f8e00536d2e0) and camel-4.14.x (commit 2d2815d256068f15d42da3af27fa86fb5efad2ab). The fix gates the per-message JavaMail session-property override behind a n [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1gACgkQ406fOAL/ -QQCWgQf/S0l3K+SUkm966JiboPdNMOYbW9M9Ef6GBom6qvuA6JXVGvnGOdjVdcad -+PkVEuwNiCVQV+2n7N0RPr0mWdYz1h23nYMRfa6yG+qFi8kkrBJVHaoDkSmsyXyy -KhGc/9HO/hzU2LyoopakP/qVPyQUf+VEZt6t3jYSYZk2xq1eSXYEpTtO9U6/tyir -dqlrIwrQNv1sX0t6j4Qg+FDZ/zbD9T6EKNU3DY21Yb4xwYZ0fIxEsruKH+MA9QC4 -F0L8RLsa930VNuTOGvBR2iTLfmoxIKeGmwDwakR3iT+xlsuDLpduZSX/fp9RcmWC -D1DExjAuJSXyvXkZjJ0gE2rGT7EHbA== -=NbvN +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQDw3gf/S9rDaWcFL8ei/XdJlucws9prU4IdNWHm7kkGZKPNFivrT42D9npOfe1d +3W5M8rLNnMTP1TBoAJ6d7rIcAn8LMpiF0dLwRz0XhXt9oV1Ti/EcVY3VNFrTZtcn +aslt/cY9HppD6DsnzUJb9ZdtyIJD01vnKjWqqA1JTKPt2ctHrTTS22gA1SVRz8TT +OXlGRED14qiHRkcgJg+PbGHUoecNmA9fbY2NuxSDtaQUnTFvxNsZg/5vf05Mflix +w+wBcm5MQOdNd02A/Ho03j/MCAS69p9FVC/raS3lX8ydK4ptd24ocXj0qIMoCoMG +/rwSeE7zDN4W/voBm6woOYbYSmDO3g== +=b/ht -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46585.md b/content/security/CVE-2026-46585.md index 75206951..b9d32949 100644 --- a/content/security/CVE-2026-46585.md +++ b/content/security/CVE-2026-46585.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46585" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46585.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46585.txt.asc b/content/security/CVE-2026-46585.txt.asc index 780bbf1e..7102efc0 100644 --- a/content/security/CVE-2026-46585.txt.asc +++ b/content/security/CVE-2026-46585.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46585" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46585.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23509 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23208 (commit 878ea07996caff19ed227984bf6cb6cf01983422) and backported to camel-4.18.x (commit 16a70d48145605c1a35e909d308bf9e5e2d3e7d8) and camel-4.14.x (commit 349f197115d60e0c180cf9836e08f4aeb5a87872). The fix renames the camel-lucene Exchange header values to the Camel conven [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1gACgkQ406fOAL/ -QQDWtwf/UgJ/ym2Wp0WlOMtCxKMg2p92cYK+Bj2Awk8LNNqn4qOoHFfoYklvWqL2 -NcL3YzMsxVk1pWlFSiUO8PkGdt9IAqQ0tXM/Ul6fpHS1ykv8k3gsccqfHMfsXKI7 -Uo98rA44sJPbVStBDyTzE+nycRLVnMoZ+u0oNbV9QmQeRHGk3AITGdAkbCxxAOJi -+Ojkmo3en1U32K9NXoikd9cus3uCtBUa6Km3Ub3SUt6ehS/+YsNluN/kzQL95NnC -eHD6wdQ8qw+usO3CDta3l2UiRWab1CjFAQyfhUr/QRuRizMs61/a1EiMiZ4WFNbn -YGECEi6Uplcah3pZc8sH74iRE7wR5g== -=rP0d +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQCWJwf/exEQqMAPGIs46nxpmM4Gy50GxLoziYzAhof3LLr7DEsNfoxleEQCcDMy +aHUGgkf5tvWN+5a/kbJUfCeYfpL4R5Q1dzm3itbf8fkaxvmukuhKCQ9Bd2JlG7lx +FSaXBquOY5tJzlFrLv/UvFK8yxVL8wAy6fC7CXaBiTU1Yrvq/J6mnndqtPwn49Uv +MuOs8k+yH4G+wq4u6hw5Yds7NwNWSEMIaPzpSF9jWzgzop3edtry7y7A/SK4y3Uv +gvugqj8DoM3B90csUQJpZc6Do5NHGzvUHX+xYIE8JJz0MO2s2Ti5d+3wG5IWOPJW +nJR4NC942afT4VQIHGi4vDRYDp08kQ== +=3p9i -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46590.md b/content/security/CVE-2026-46590.md index 2d8f98ca..ffc43c68 100644 --- a/content/security/CVE-2026-46590.md +++ b/content/security/CVE-2026-46590.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46590" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46590.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46590.txt.asc b/content/security/CVE-2026-46590.txt.asc index d55de300..728dee87 100644 --- a/content/security/CVE-2026-46590.txt.asc +++ b/content/security/CVE-2026-46590.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46590" -date: 2026-06-10T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46590.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23726 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23912 (commit feea08e7847f35dc0e177652b0b02bd45f6c1b4f) and backported to camel-4.18.x in https://github.com/apache/camel/pull/23914 (commit 12a9ac3c94d6fda12d16b2c0039db41c6204727e). The fix introduces a shared KeyMetadataCodec that stores key metadata as JSON for all three KeyL [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQCGzwf9H0cbHjVgdI6XExFXDXAxBvT7iKHOHGjfBNNCDhG4DM6vYe8Hu2ehg1WQ -hkBEp0WbANHVRLjloHu3HBLuZ/77h53GV8+7pJ1bDza6o+Cfi4PYAz2WtrTEiguN -aBXqAG2YMtFROMEysnBQWh17BhSLC67z/bX3N8N5CBerA+e1ykuaYI+cntAyXx7h -aCFVKCJhveWvAt76NA4fHl8NMzdWlepEDPDqd7+m/WPfnYAt5YW6BWJ0/wsY9q+o -y1BDwCCVJp5sLV9Bl69S/9vYtFvJlP2sGzYdrPPnfP9YU6edGAWVoRiaDEjwsCoR -KMc2yK0utQvFTMeK0cjucJyyV90UaA== -=Yo3j +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQBZBwf/eRsjXw7USpgAm3LoCz2bl6QyTRLNvDvxwXpxy7UDeA7VQRho+Jkpy0HZ +9L6hb926szKBjJd4M0kvzQuTVcWbYzDBpbKZbk1eozdu7yT1oQR5ufV1Z/D7LBCz +yQGuE1YkVKqcXps+dOQYN449mqP+jEfz43vxXcxWqyQRtHWzoo2bj3WRSHzInMuQ +TJpbbB9Thvb/IL1ezbE/XISqmprGdQ3lk/Otpj9whEe36YoxKVvJZBInmQ9jUfoF +oAnjxYw0YnNP4NW1lo+fkzrquDx8cup6VTxpKP42ElpeLitP5ijH0MhdqnDbfHAT +aQzAK2/PYB8zQAkv8Aw9nRjZ6M7fiA== +=deRR -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46591.md b/content/security/CVE-2026-46591.md index a22b9a32..50971489 100644 --- a/content/security/CVE-2026-46591.md +++ b/content/security/CVE-2026-46591.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46591" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46591.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46591.txt.asc b/content/security/CVE-2026-46591.txt.asc index 958a0eec..a9cdc36d 100644 --- a/content/security/CVE-2026-46591.txt.asc +++ b/content/security/CVE-2026-46591.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46591" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46591.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23528 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23258 (commit bb4176fe87dc0cc60a5be37a57b69b8c610c1dd2) and backported to camel-4.18.x (commit 865d0b8b99f969e06ec6275b69c72670b5763245) and camel-4.14.x (commit 7881d949c40befcc602016dcce25a2fb38d070ce). The fix adds strict property-name validation (^[A-Za-z_][A-Za-z0-9_]*$) in [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQDkxggAoKtshAwICpr6J9dcH5t9wQpRNJQ3o46n0tQGHQjlv+xnd5NzWHqktW0r -MX675MKmN+Zkh5tuM/XDg9GBsi5lA/TphnjeoOS7CBwgmUqrUz3n+uXHIqjTjh4t -lKMVSnuVKZDvufM/Gy5wR/Xuit9eJVpP0fZwnhuYtc71QM0vNXk7PRGwM4NgodlR -q554/X5EBcZ0P1sPXw1sMDT5DOMEKKvn/A/u2ouGFPbmBpYxFRS1vjohnUXJ4nsB -9qntHrWbxfC+wmo2qosE8DmJWuaCe3+izEK/QoZVUiRt/FtHF8SArpZIhUqiWdvz -O7whnEuLgrPGCeS8tviFR+Ki2LxLQQ== -=OQ8h +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQDwqQf/Z1YtSjjgjk8S+cekznxgM6YuCkFxW82BQ+VPVf/PWfEbeBmt8HXMUV9h +/mJy0363CcFfaoCIxyUKEaig50gg/+/hhCsuyzApOr0zZKAxrx04oeP++JUD0VBm +9gdiFUXPVVBCbaeI2ZW8J+q6H/EOwMVKJRm1Qjd/Xf2w0xu3Viwv/ySnt+AX+gya +N79EezLN19xMtiK7LlubiAnO/BfCmfgJU7iVhKJfIA3ZQB+kkx+79EppmGBk15KG +Y9lk094gVak9dEk6f1BsQ+3ZpmuoIbkFHxabVIPgvXfFiT57EcB1rmezrsVE9eWw +CCNyC9sK8r7hLsjDuFOtIjZm8fGX8g== +=Q1u/ -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46592.md b/content/security/CVE-2026-46592.md index 9a00f8ff..e5286408 100644 --- a/content/security/CVE-2026-46592.md +++ b/content/security/CVE-2026-46592.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46592" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46592.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46592.txt.asc b/content/security/CVE-2026-46592.txt.asc index f690444a..e198ea01 100644 --- a/content/security/CVE-2026-46592.txt.asc +++ b/content/security/CVE-2026-46592.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46592" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46592.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23526 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23326 (commit 7240570a05687792c95badfa8d11ed2644117230) and backported to camel-4.18.x (commit 36a5088b58be38317a8f974ffda2a262fa00b4e4) and camel-4.14.x (commit 0138da45fc9428172c1585ab4561d42e8868cf49). The fix renames the camel-cxf Exchange header values to the Camel conventio [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQDVeQf9HTeVGmeqAnZnmzu2Jt8dm8lm7H6/m6Xec6PkbOKNY1bRh59wKTmwQF3D -sbESkwgToVtZFYDZl7cysPIMTw+/Puc/Sc2pBf5icJ2qHSXVTZdVuT1imw8Bno5j -GAcol+qDbvJDzNiQ5GfEHF6dH7Tj0UCmf0zXWYrUw/uKhbgrgx0xcMOzyuC1yLh6 -nd50VKmzViaSISMHRIw9jg4dFsowT5/vIZItzmgSWOWadHoXdmaeoHZjlEIJJKeb -X8A06fSRXwU9SBOVWBlsZ0h7MkPAntKQZ9wDw1z6P//0HNTQ4PfWz6Wy6rLUd0fB -jmYwTX1klY9VTerhcz/bfD4EzM2bVQ== -=vOww +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh4ACgkQ406fOAL/ +QQCpsgf/cgB8+HUOXJKWwZlgF/hR74981Q2+i5NgNkjz330GpF7F+yGoTI3yVVDJ +LxHelcr9fMF3mwfwA5F+V/tt/Or4eAnwuK18cWTQG+H+gvuCb+aKeyNra3l+2NTU +rtvm+UGMKcvG7k9xP49iBoqiZg+UqVy2ypFz8+4yuLL0sgfjBTR2zQ/wox2Zru3j +zfj8SBd/j+Qmd9iAsHtR/ZI8xRvgS3w/mLM9jn+U7A3/hFd7qymV8As5clYLxD/z +O+ItGqPeVJTbu17zh/ulpfEEhx2W9KpiOAefXoFbhC1w6KuMNJ1H8mZRkhchuL25 +kT/68t3HE/yGLVXYkr4x1TPUM7YQ5Q== +=ZRtT -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-46726.md b/content/security/CVE-2026-46726.md index c368100e..7d17b24a 100644 --- a/content/security/CVE-2026-46726.md +++ b/content/security/CVE-2026-46726.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-46726" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46726.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-46726.txt.asc b/content/security/CVE-2026-46726.txt.asc index 60b43a0e..65ab3e1c 100644 --- a/content/security/CVE-2026-46726.txt.asc +++ b/content/security/CVE-2026-46726.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-46726" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-46726.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23532 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23285 (commit 1e776238202edb9d98972cff558e12b53e499647) and backported to camel-4.18.x (commit 88c43e3af36013585b5483c671950f30e5833a5f) and camel-4.14.x (commit 508fc15deca97ba373eb3881a00e220eab9ec428). The fix adds a dedicated VertxWebsocketHeaderFilterStrategy and a headerFil [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmozsGoACgkQ406fOAL/ -QQDWkAf/bG5bSlItv+LPhqZ9AGpXrB4SO17WNvemLDCxgnlQpR02RW+DzGr73h1+ -V6r0Ic+frI02u3OvGbtwJLrciz4FsLEmdRLaePgmWyu6r5TIjAvMfud+EU++oyPj -polc/3hXOFj3dUKQx/gZTTJh/hjDfh2lqKCUQH0v2i+9ya/yRiB2MA6S7lVKU2uI -XbPPR0jZybzvtr9U0a7dXSs1tUFAi/fzkP9Aafa5KsHHsDLOGfcVGf0wC8ckLPXZ -pGTGJdivAzBc8TbL45k4tcHXZ2S5d+SeBFAQ7KsMH/X7d5d6vgRbcxGhhOhwkb/t -V1dnhli9I6mvjCSU1llE9j+ktkz22g== -=R382 +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQCwqAgAvOydJN9V3wRhlGNy1RqsyHPo8yfHaF0RfzfiIfuCjlu/oYGR02OdiojR +OMUfA90zM87xMipoXWdi3v9w/HVvh7RtP6r/whx/VVpqFmgxBoV1gWtO9KvJF0Bj +MM1aTNJzFBOJ88MaFUbbFqHbR9r++DnXgXxw8SppXsMRlmGcraYjEQ2NduovuJRz +w9tUvoQQdMhIRqV0sI9AQXoAybFkDP96YrFOOE8NtlOdNZi+A4NHwKQyz5OAcs1a +GHCeYPV8DTqr5CI3KxmDPs5zQksSedwz2L+Smklm/zUZ8vhZMhSB/TXAQBW10uPE +SmD1o3KtptStSFNiGFUTbm9Mw327lw== +=7QkA -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-48203.md b/content/security/CVE-2026-48203.md index 5306b9fd..8f754852 100644 --- a/content/security/CVE-2026-48203.md +++ b/content/security/CVE-2026-48203.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-48203" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-48203.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-48203.txt.asc b/content/security/CVE-2026-48203.txt.asc index 43d84204..59a42620 100644 --- a/content/security/CVE-2026-48203.txt.asc +++ b/content/security/CVE-2026-48203.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-48203" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-48203.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23597 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23410 (commit 4578a9014a6b7a914cf16baf2c5bf62a7b163a88) and backported to camel-4.18.x (commit cfc0d51f015b3112eae4ce0968d045f00e95c796) and camel-4.14.x (commit f79cbe3f8bc3fe1095d8492e9ef321289451d457). The fix renames the two camel-solr Exchange header prefix values to the Cam [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQCbqgf+PlmKuvqCHU81LtrJA+l5ZYlfzl5vcVv6YbQHlyxrTb64FTUp0XIGF6hj -v3zgdfe08Ois0Tm0skKPke1vYiIdmNNQqEz3kiir8x16F+rylML9tUwhBSIILMp2 -N47Qh9+lfimbP4bOjlYm9+Pbfbizfb2eMTtfcOBhKEym+TVDAsL9CchX8unbhnhg -yO+yMvww4zyxuvTZh+IhTCZnzQGDDfHZzeTrarxd4PDTBixRKCa1D23brtm0apt5 -kvm3P9uc02aUROhZqr4S7qV7idLtVEzPYu8YpF/PUP63idtiPlYVfye+lGy2UnEJ -IhuXrOZXqs9lqZx2ScvtOSCMiMnKng== -=1602 +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQD6RAf/YGMtAk5rZUDQPgJhnYVX6TBkNFfT+tS1nffB0JoA8zR6tbdfeJfLAtos +Up9cjBGFIp8+FConLhSJLWKQjgMGMfx5DxF9nTk7G+YCcxsDSlziCVKlcZVjoO7r +mG57yQPuiT5bY/wSa4ykUXAeRkwAi8pK0Hq77tlyg5uqvQd9CdBQ7xMtO2GDcHcW +1FgMVweLgX+zViDfKwlVt9ChsjUaK9qwBFmtvc7envdDVcs1HNppCXAs60qnKQsZ +ywChHAsEVOlLF5zwVv/b8O2zdxaewci/WvDLoC+7557uq1Lc6ixFQbZRe3CfKcyC +CqtDeXirSp0aFgy4yhy3IN5c1f22Rg== +=mfQ3 -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-48204.md b/content/security/CVE-2026-48204.md index 23821275..886bc08a 100644 --- a/content/security/CVE-2026-48204.md +++ b/content/security/CVE-2026-48204.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-48204" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-48204.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-48204.txt.asc b/content/security/CVE-2026-48204.txt.asc index 1333416a..89086131 100644 --- a/content/security/CVE-2026-48204.txt.asc +++ b/content/security/CVE-2026-48204.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-48204" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-48204.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23575 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23413 (commit 8f0b1acfb89867bc28805d8281fa5c70192e2122) and backported to camel-4.18.x (commit 054d0c1e6c63f06b1a890c93f24115ee9bd110a8) and camel-4.14.x (commit 9915ad461dad8f5073782f643557bf1e7ae3bc31). The fix renames the camel-mongodb-gridfs Exchange header values to the Came [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQAEuQf+J/kkzHk00iOG2uiUCyMcBfjdskhURzAury3AysnAwvSYK6VPVCXx7srU -kVZUtU4Fknx1lcuG2GoKMpC4fXUWkbIH9DXcPw0K86LqZTCoym2YBHetNOFILwBS -6Ojf++pGAUENJx/Ue/4UA+acP9OcMqPoaJkh2vfm7TWVw3dy+lLd6VpU0+u5rkwj -/G/WBkWYQavRQSyxLNdmVdq/NS1HFkI2I70DdzHv1+98RiypJkjjm3aMj2aVaYGg -OJt3MnDgKcoAaxDb+BFYj8QnFtbaqjK2Cov3ZQetVJ/v5OYMCYuEju+EGiQjzrOj -lI7LmauH0dY/KPYpR/p5TbfFhGKHAQ== -=S1b8 +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQDfLQgAtTZAXwws5WNzhqjH10b9Y+jtddkU4HorCtraxSx32QOxlaofKp9LQAQU +/60XYw92bXOtGIMreY1N1V32c4HS0igX/bAbkZtQB9sb+3vuzXbPef1blalzox+o +gf0jNxnNxlMld5aeYmkI2QkibbGr0rvUy8Y9m55T6vOXVu5UYJiZbSLvgkmtwQU5 +w/ncXHh/HdbJh/r8+iQ6KhkgpMBoR8t5F/XWvs7QWA33tErtm/23kX1ibiyCzbTh +dsACVcElBWs9m8x/qBjIMCJMj/NkwpBiq49tTW6xsD8ORnZl9gB24QCV5/BiMlOm +YxfAU3eM7ndxPI66fkkSZp4RzZyacw== +=1IIy -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-48205.md b/content/security/CVE-2026-48205.md index 0c42f054..e8dd24be 100644 --- a/content/security/CVE-2026-48205.md +++ b/content/security/CVE-2026-48205.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-48205" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-48205.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-48205.txt.asc b/content/security/CVE-2026-48205.txt.asc index 60a7fab2..8abf045b 100644 --- a/content/security/CVE-2026-48205.txt.asc +++ b/content/security/CVE-2026-48205.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-48205" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-48205.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23574 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23411 (commit bdd40cf23f2b22cd293ddad319069a7b3b3c6c70) and backported to camel-4.18.x (commit 29b18beaf1fb07276de909b8e19cd87f01e8abd9) and camel-4.14.x (commit a6d8a44684c0116531e70ad8eb8bb37bd5601e98). The fix renames the camel-dns Exchange header values to the Camel conventio [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQAI+wf8CUBqI73Z4Q/95BdsZVo5jqZiHEQXsMraGXC2VXv0caOBWZ415lEBUXj3 -tk7zpTwyW/YhybtwkXrCZOc1alJfY6DI2cJCjUW9EXf7UvG32zipgtMdLizVo+i4 -kXfcqrXC6t5dc/xqD9ydSli0Tvqwv9F8wzJxRZGRoGZuq3ehdY6MT2brjYS11Z48 -8KlNFmk0kKh5cnHw2vJRn/GM1B0BPRhmjaUfqRS/6GxohdCO7vP7Szi1CmooI5RD -c1mfBTZquYCpQxreI3TTVu1mR2p0cLz/iSTxGLhSgm+hs4PCGPMpFATzAyDfR40H -yj5gkGpg1yTNHa9G8MriiW6HFartVQ== -=JCqR +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQAV/Af/baloYT55NxTWEktA/PcvcLKw7yVoDcwssEVC5VWAH+yryWmojmqeO9ox +54juh4UuGCpYd/EKdEXqTLiPaAU9RKVMMMvNIs1O0aAsO5qzg2VM/SKZf3sy4GQJ +bpLsJkHfUDLEmzpKXpTFOoHI5xpYjhs5ZPMqhrGPjHZws2O79ZbBpDX8fF5lx1Q6 +P4MrkRaECDqqmkmSwLNwxZ5u8c6vaRVMIVQhTiOioU+pu5mQVGfi4EKWfdCB8z+P +SLWy38CNSgNJAIaU66Pl+QEJxeC6bWzY3zYlttE3XYHK6jAOhq4/pYM1W18ipmz9 +416HP2EnFJti4SplRrw543hnaGmY6w== +=BnAV -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-48206.md b/content/security/CVE-2026-48206.md index 81529817..2bd38fc1 100644 --- a/content/security/CVE-2026-48206.md +++ b/content/security/CVE-2026-48206.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-48206" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-48206.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-48206.txt.asc b/content/security/CVE-2026-48206.txt.asc index 9165462e..009b7cf0 100644 --- a/content/security/CVE-2026-48206.txt.asc +++ b/content/security/CVE-2026-48206.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-48206" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-48206.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23576 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23417 (commit 3240a174a3707ba2b1d893c4ac0880829e0c9233) and backported to camel-4.18.x (commit 024704f95f16d1260304054088fa0b34acb57ebf) and camel-4.14.x (commit 6863ea624605ab3fa8827c43a4c5df333f767dc4). The fix renames the camel-jira Exchange header constant values to the Camel [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQAAWggArGiFTZLearV5i6RKE0SJQWxVMiBrdMXg5PSpmrilDj3gNcHAhwOesjn3 -aqBde/Q2P9X+VnJF7h9x+nRvY8d6uXp9iIdM3OqMmFPi9vAu61QY3aFGIGE0/DIx -VhFQyb1HhWQXJ/G6imPXBZVjidn16W+53NTiaq5aYLLxxTFsYLI0EtLTsfzteIQV -m59PRaQXoS0jq+v5TbUBigYkyAYZpC1DbzJnImmeNVelFijU2/BN5vl4B/X07mXD -0skuClM3r8VFe4MNGJ83PpsDptuFFnGkmGgtd1V/xNbtbvTu1e8rwJyZEqkSDIO/ -zbSCRyClKwWOXKPEdXrMtfBVkBQpjg== -=H+Le +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQCjLgf6An7jW8Yfv6kPPJUhq65SFMECgpQ0AkBjrrGj2qfwW28FVoofHrfVkNVk +1QsvFM1C0rzVEQcoiXxpyEvb3ECtn2q7NhFZa+MKznB49xtP81Bat88kD7kF9djP +mgihiQ9qBUz/uf6RmlLTjJaSK1Ack3E/PZbKK9HybU6CXbSfqJg9ZXfVuLuComcd +KvWsyiPvGPwgXHS2/KbdpkWG28iNjg/fGeuO1RWIIDAMo6TgX9cROH5eBidNXE/8 +zzcWp4QSHCOpJUqljU2S+96JFB9l8I2EJ8ou+W3DFIUcpFM8TC2pBppnbUwJKid3 +F8tFE3bILeVwK7ivZKTdhQzJY20kNg== +=jErT -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-49086.md b/content/security/CVE-2026-49086.md index 6b116a35..a8fd8942 100644 --- a/content/security/CVE-2026-49086.md +++ b/content/security/CVE-2026-49086.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-49086" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49086.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-49086.txt.asc b/content/security/CVE-2026-49086.txt.asc index 1a5b0a8c..11bb70e1 100644 --- a/content/security/CVE-2026-49086.txt.asc +++ b/content/security/CVE-2026-49086.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-49086" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49086.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23630 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23886 (commit 72d13bd13fb5960ea1b367a2e379f017c1720c5c) and backported to camel-4.18.x (commit 86276a2ccc2cf8b09d7efeb38d9770845c4e1bea) and camel-4.14.x (commit c6fc9bb21670e5c65ea14df0f3f29baef78c2028). The fix stops DaprPubSubConsumer from setting the CamelDaprPubSubName and C [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQDlUAgAmXAvFi+Os5eLROQrocUtndaF+tWK6+eNVpQAeaFvJMzD+BUeM4Iq1Yjx -2Qq4aUTO1eFlUUZ9PQoFU62tvNx97N87Vzs5TY9i9p2nSc5hY/wX5nJkAe7ioCRZ -UI9YbDEYIkvCVZWVslNZYN3zFPPyYPW5MQtEsKT9MS6uBVN029GMoRS+V+07VoSO -QqmkCxhtqODv5HtdJHN/+MG9B8JHfnvoyP4o39ed5Bynw2kb96+CDIxY93qXjoyh -9xv6xZJpQA/UkWUCvbkSoKqHCu6+SZ4mCpIbWBNMmXQcRvYanSedVE1ncxTQ9PKZ -Slw6M3B77c2UsKGrvsM2IqBxxK94OQ== -=FNf/ +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQDPKAgAwNyxnLx9cSY/93iytxUZr4hXb6Z6mLjUAx/V/Du8Or3syMinZv264Jxa +dTX1/2h/GvNK2lqzX3U6XFtkDnuqo69mLMX+BU0pMDC/6g1n2bfxhDlkHB819BHk +zd1NG64ANg/OrHqyXH98CFSugfbAQgBc2YR+SqiKpBjwEPt7w5LneihpbjnYbd6T +c2uXOxWsveIqjnbJ5JI6trmfKP114ApkuIwV5pvoBNXHj8rmcdhcRc+SNzpF1Kyu +qymCPUwO9qZnnwM2hmugpqJavwZw9xvw8uPsBzWnUY3DaW7yuraOrScCw7DEiQdp +Yrkl8Ql3bFfW52bChXdZCEU/nq6vUw== +=TkSA -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-49097.md b/content/security/CVE-2026-49097.md index 02ed7682..17f7ed61 100644 --- a/content/security/CVE-2026-49097.md +++ b/content/security/CVE-2026-49097.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-49097" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49097.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-49097.txt.asc b/content/security/CVE-2026-49097.txt.asc index e1432c58..5d16dc1d 100644 --- a/content/security/CVE-2026-49097.txt.asc +++ b/content/security/CVE-2026-49097.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-49097" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49097.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23629 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23594 (commit 0be886bf433c718abe4a27498245f6898366fb0c) and backported to camel-4.18.x (commit 2959633a6dd51a9736a9efaedaa843548fcd2d3e) and camel-4.14.x (commit 18b64b47fda68b15f4eb9f7ce8148c8b9ec819a0). The fix renames the 10 camel-irc Exchange header constant values to the Cam [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQDiWAf9EQhsxuSIT4gEfzbuBc+D/lcuVD65A4cB4TTRdvWAndeM6gPX3w8V9nHh -GVzdw57QmLo5DjbyMoEOLfrPSyy2CAPXSXgf1aINxWBYjSg+rdbK21kf0FvwQmLt -9FAngH8+7cp2Ga1HhW5GmJjb0pty3rwcT8Suz+N7TdYjyR+1aIBpn9F8KyWL9MtG -y7FVEa7ar/yw8Z32Viq9x3ceDxS4qQtfTahdr3+sm+RPazXnc0h3IzFqhI/J8Tfu -6GnKxKiILrtXSdJz+SE8WwyDFLpclrToykwgNJELB1hSlNu/TGPRx9J58oJ3dADj -OFvbTmSn4egIX+h/ph0R6790ef/Iqw== -=hD2S +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQDxvggAr41x5MMBotUGbmM6GV9cq1qMvzuw+gj+vwfiCA/XI9KlSVzKLeYznsAa +Er50bSZr6iKGil0znOPZvO1FaCziTpZJRFCHroPVwSg1mDnMTobZLFnRGuF6w4JZ +S6GOzdo8VB0KfjgIhk+mwGAtN6KA60vPrwszWwgkTS0pD5B147wsa2nbYvlaQsVL +LTCwhK56OvZIPtnM1q3nETCvBEVCr11iHfOekMmpvx4nmL8HoPMybAtn7gedywe0 +sWVLnacdFybu4WZPXLjjogYdtwOVLoxgaHDuGK5lRUPHX9g35pUT35kRFpL5M0H6 +yZAzjTESoDGJxZH8EBUei1jwqIr53w== +=yOCu -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-49098.md b/content/security/CVE-2026-49098.md index 12f04ae0..f6a6d328 100644 --- a/content/security/CVE-2026-49098.md +++ b/content/security/CVE-2026-49098.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-49098" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49098.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-49098.txt.asc b/content/security/CVE-2026-49098.txt.asc index 24324731..769987b6 100644 --- a/content/security/CVE-2026-49098.txt.asc +++ b/content/security/CVE-2026-49098.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-49098" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49098.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23584 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23602 (commit f8914a219ad473811c01562b5b85e83ba583b583) and backported to camel-4.18.x (commit d4c6fd85358b65d99dfe26722278eaf35fd0029c) and camel-4.14.x (commit 93cd4c4e1d1619d71aa9b56c3850d4d6ccd74375). The fix renames the 12 camel-kafka Exchange header constant values to the C [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQA28Af/fUBaWQTiTJCEQXQOXHRaCzNFu6F1JPm+G4V9P6kPUEZRzedz4DJ8o7Zm -KitWhcgb0l5IoPhZtltcwvSXsCIOaKKUJtry7tARM3up2Y1+0tGcQhYsIfg171QA -32gPl9lP2s88JLLi6lGPxuhIi5Hfxfi7vEF7sXFR/npWjUTnTKPinQfIbUXjtblh -jfreUQDLz9j+vmj0wbsydJfEOQ/KS9Eh847NHayMVdudIDJmreYh16v3H8Ijy90M -hDBTozr8PZcL9zJEbhvhiFhl8aqwOzypbOJ0kd+f/hBtgUAcCkjCDVpB5qoF/Mvb -TqzCKrbWjD+5yDae/Fhq96hsufWwTw== -=pjR7 +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQAXpgf/SYQPDSw/q0mgtGH7YRLg2QtNABoakPY6tJWgIs7oxvjOhEO8K2DOvtZ1 +gtnHo3cskg2Gal37bhuif7q0w4VCNtPNIrp/wL4AywkzFXW+DiDmBUscvpkBNhEC +TuagiaWw/5j5qh+VS9E/G29TimZ31dK5+jHfOrOHE1BZBrhPXZNeUvXAaBUz6dOq +OgOmFWObAepTOQmk//L22EC6RrBchCd/eZUmGpoFcskBjRIR+qxRVhunCAYTWc4V +nCbjEi/jI/tska1Ua6YjnXE4tYd9eHkozGhKK6KaxRYLBYWiGrbn/d2US6jJjG26 +FzMkehJr4JidpQjtxOVtF4+DFwkW3w== +=fdgr -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-49099.md b/content/security/CVE-2026-49099.md index 4fa6d790..f000cac6 100644 --- a/content/security/CVE-2026-49099.md +++ b/content/security/CVE-2026-49099.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-49099" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49099.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-49099.txt.asc b/content/security/CVE-2026-49099.txt.asc index ac5621bd..1b3dbfc1 100644 --- a/content/security/CVE-2026-49099.txt.asc +++ b/content/security/CVE-2026-49099.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-49099" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49099.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23716 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23887 (commit 3445c57e147da12ccfdde066c06ec5492d8c262b) and backported to camel-4.18.x (commit 578eb2a0a089c94f507853a737d7c46365f0272e) and camel-4.14.x (commit 48880af9d401e8c03473a14bd652ce012b66157b). The fix renames the 39 producer-read camel-salesforce Exchange header const [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1kACgkQ406fOAL/ -QQBwuQf+NP58OBGxNEEEFWKGp/U1g07SL9v739nLjmdc8uMTNce15orvFm5AMvTe -3VunewnPF1BbPb+Xp8ZiRb+QfIuCvLTkB/jlUMUzRTWunvhBC0Voj3DVX6aDe/VX -TJGpqvhGKFajzrFMzXm2IsS+NOBCiSzqksnW3A/x56IeGHIct33wiF7k9ATjqDIL -xtC3XUsU0dWkq4hWVrsGgZb6HXZ0G2wW3dKQ3MjGTKqIbwbW0BZspjYj2gTxC0lm -RmQKJC37LRMAg9aJo++SPhCwMJKURTzYOQh23rZMfDM5GTCO5FbyqWtit0tZko4z -YT46Z2lR+dpsSIXX4hzfDPE5IP2lZQ== -=4nvg +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQBbzwgAjv9RT5EZ+Q0ACKQg571sR6WCBF7h1h7FK+VQCLg0LZtDD90T4pqmCO+t +KZGvnSbnTMjyY2cfn7nxC1wVgx4YhE6Z5NczzXRJ+OtW9sEmV0PRTSMbSll9qYxc +wHZVUk0IM6e2oqT0ZUsUy4UwPyT3cjVh414Ss17Kjxz21xxsB8MFnaQ88AsJeZBo +YVp2Ydw3wj3yWrO8oAlxRJyoulD0xoT38FSdf3QRWeWLQlYsDdCatfIYRxWO7/iM +8HgK5hW7J9m/WvvGruMhBbjGUW8mm3qow/4NgU52Sp72M7FZKx+k+CThF7uYY4Kf +a4AUCmJjsIh1q59pYJL5TzQ44PYCSQ== +=Xr6M -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-49365.md b/content/security/CVE-2026-49365.md index 911531fe..8cb7dcff 100644 --- a/content/security/CVE-2026-49365.md +++ b/content/security/CVE-2026-49365.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-49365" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49365.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-49365.txt.asc b/content/security/CVE-2026-49365.txt.asc index a702dfbc..634a7415 100644 --- a/content/security/CVE-2026-49365.txt.asc +++ b/content/security/CVE-2026-49365.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-49365" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-49365.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23651 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23913 (commit 6cea553aa42ed1326ac57ad800d66674bc453932) and backported to camel-4.18.x (commit fdcf67a00470783ccb93b948883b6a4c5275aff5) and camel-4.14.x (commit b1badb58a407e4d16c8b6bba81650d4c68e55eaf). The fix aligns the muteException consumer-option default in camel-netty-htt [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmo1E5cACgkQ406fOAL/ -QQDr4wf/QKxsfZDpVylUF6yiQpLRf5y+NLF4TKSBHz3sLS91IQElXrQg+pC4UTVJ -O22HkUXt9ViMh1zff8ZR9qrBcqmmtx/ndLOMTiXxMpmXMIToapNSUEpVYVlmVKfU -PLMKhDQWKF1aWDDqP1S5SN8cEvny4WcsCdI7vBHuuHdI/6cEv5NShHXC0XKfyOMB -dMy+kPxukIKdFbsc2wNk1JJ6cvkpVFwh1MyMmpGYrTdjQ7okVMD3OZkYrWFgiTXI -EQIaoENSM5mfk4V1EFeUW9BQvyOfd139v5qP5alW6Dhl/KLccMJq64COAwpGHpGz -eqBKKuroW7UjPy8hF9ui2r7H/6+PKg== -=e1/w +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQCqPQgAqSpFg9YYYdd21pX4RCLGvnM4PQiS429Hhl7dTOjeFbguPQW7NhdXkVM9 +TpDPZRTPWK0RUIBuLZkScD8oii7ImXVF8oamPga2ssudNI0C8MI+VR68bZixOjZh +Mjm+bU+gaT3LYjTUSRCjxqj0ezsndWvZ/xTiBjmowWJ/fk9uaFp582stOq4p2/gq +Vn3aFc4/B65RQnfQKmAzJk2EAU7I7ESkvhiYsVnOQ9i7PRerw4k0ggyE0ML3vEKu +4xAyk0vyR7ygLp1Iy+pmX3tq30UHvylkyLpwzk7uuHZ3BGjo/SSyxolF7IYoCHfW +rwZA3M6D3Usp/c6GEXwm7RDTOEas6Q== +=oDLU -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-53913.md b/content/security/CVE-2026-53913.md index 85aefed7..dc18959a 100644 --- a/content/security/CVE-2026-53913.md +++ b/content/security/CVE-2026-53913.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-53913" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-53913.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-53913.txt.asc b/content/security/CVE-2026-53913.txt.asc index c04e5d9b..2c1edad6 100644 --- a/content/security/CVE-2026-53913.txt.asc +++ b/content/security/CVE-2026-53913.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-53913" -date: 2026-06-11T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-53913.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23738 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23958 (commit 1477cb4e87b2c301f1cdcddca5b153fbbef6934b) and backported to camel-4.18.x (commit b62170072348cc4073ddf705ad716aa3678d6c09). The fix makes KeycloakSecurityProcessor.beforeProcess() always authenticate the access token when one is present, independently of whether rol [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoyo1oACgkQ406fOAL/ -QQCuPQf/SoUiMZd6aC4u32cTeMeinJxY3eoI3ILCwJiUJkH30DhOtnZTKeJQ9ZWR -qM4LjkhaS+BhmIXULPsimSPq4lODKkLTj1ZkQb0b+aqtf9MzYKK9vSz5g508yAnh -Etg14qnR4UF8KAVmvBJzMHm3UQ+GCOevc7l29t6RnXgF9VLySVVkVHPR5CiVoUMT -eQK7eHg8UZetxBTf2KWW+QPHOzWXwGIyCzWPNv42PFHrxsBXkQ0kOZl+23KrafXl -KmvgoZGkO5k7gpi24TZU0LmGu1n2FDInR8cwoITPMk5InWLCwdWw+mcrup1SUnT6 -NpNuTlnkm8XbdbKhs6IPUkCOlyEoNg== -=bQeG +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQB94ggAuWrt8fgxV5xcywZv6zPAjjEW9qRuF8+vJbKpI7SnVj6onOz9gmPx2/sz +kg5TUWe9Npwa98l/8EnVRf64HvK3GPm57AHS0+sjVCwCMQhSg+ZanEmRAtL8RDbZ +r7NUeW32TKndMGFKshc08CHCBu/7RubJVVIWbq/zmtjkaS6moxdUgpIeYVgcf/g/ +18w1SW2TMxnIC00tnV1/mzNfYClm6gbcsxO1EZVtYS5H/02QP2nVlQRMLnQ1sGGy +MRYgE9DalAMQTLhCtmUMa5QPCjz4VxFyuZ769Wlprg9DOduZCmPNoqTNnCef/tdm +xC7SNGsbPtVGHcpWGghAoGI0EdF4IA== +=Te3g -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-55993.md b/content/security/CVE-2026-55993.md index a5365165..dfe9709f 100644 --- a/content/security/CVE-2026-55993.md +++ b/content/security/CVE-2026-55993.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-55993" -date: 2026-06-18T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-55993.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-55993.txt.asc b/content/security/CVE-2026-55993.txt.asc index 2c06795b..034cd2a6 100644 --- a/content/security/CVE-2026-55993.txt.asc +++ b/content/security/CVE-2026-55993.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-55993" -date: 2026-06-18T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-55993.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23532 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23285 (commit 1e776238202edb9d98972cff558e12b53e499647) and backported to camel-4.18.x (commit 88c43e3af36013585b5483c671950f30e5833a5f) and camel-4.14.x (commit 508fc15deca97ba373eb3881a00e220eab9ec428). The fix makes the camel-atmosphere-websocket consumer apply the HeaderFilte [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmozqzIACgkQ406fOAL/ -QQAuqgf/Z9FFKSFpkazbpYBQp7xYrE6lbzbnLKqAi6rj9IDf6gIbh9UbEsMlPHCX -WhznKQDDEVCL7XSskSdf45KFb8hzndD1D6hgDhygZvPkV8ngGqQEY4A+9AaQDQAR -fI+lHCQwCNtEJVVSN7nBQb5PIKcsvBFMRZPTxsSoGrgEFcgeXYIpKuC4OWyQ46ou -rmal9QKAyGUgs+wl1WbHG+3Bo3jTqgI4hSe10WK9/0aKXbuRWXExmL7yHScDM+5+ -GT1YkkF4E6FfMfnmzT9UEjMDVFN+WC1MrrurXxQI43LwJJGaWGtvaX2JZWKeZUB9 -ApJPogJ7BDgFUR1yJebOK7le6XvJXA== -=1GAV +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoh8ACgkQ406fOAL/ +QQBeTggAit0hwnMq5p/KBlcVftLjLo0V7ss5aQ1PnOGG+RaVoju5FOppRQmvydJM +5Muh3pt2Q3AberWgE4uv2LlSkNFYVJdoT2dmrlMNoCASOWGDJwRQNgc6JNmm08Re +h3/9R1KL6kmav1JA9OP4+7QKfY0J9fdLkrnfq2mKJiPHnA0smYWP9IQJItT0fRa4 +gs13nmxw2Xufw/LD41g637ggaqFe2DuCF4MPn7IdBaBDPskzIckBCFNZTGevnJfY +f0psUMFokF3w0aJXlbOEnQkoQn68+UXdzEbeOv/rbY5Am1nxfRyYIo9wG+s076Hv +Ed6MrX4Oz1t4pwzgWe8CEHQxxlj8xw== +=Y5rb -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-55994.md b/content/security/CVE-2026-55994.md index a41b6aff..e0eb7401 100644 --- a/content/security/CVE-2026-55994.md +++ b/content/security/CVE-2026-55994.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-55994" -date: 2026-06-18T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-55994.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-55994.txt.asc b/content/security/CVE-2026-55994.txt.asc index 057edffb..3bdbec5e 100644 --- a/content/security/CVE-2026-55994.txt.asc +++ b/content/security/CVE-2026-55994.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-55994" -date: 2026-06-18T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-55994.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23532 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23285 (commit 1e776238202edb9d98972cff558e12b53e499647) and backported to camel-4.18.x (commit 88c43e3af36013585b5483c671950f30e5833a5f). The fix adds a dedicated IggyHeaderFilterStrategy and a headerFilterStrategy endpoint option to camel-iggy, filtering the Camel header namespa [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmozq0gACgkQ406fOAL/ -QQAnEQf9HGhvWhoX89P3xrVIDYEF4TUo//KqPX9esClVKLLEPjJ33RxJieWMh5G4 -TaTzUPtkF0AP/OdP2Z0lxZ02o237XUlZ+CneFbc50zC3x4HZzI4X8/q3FVwdmssg -Z89c+3fgipjzQq3II7FedypFNe4KjN7LTXb5NdUPVrIbsin6/jrMbWW8MgH5yK7Z -10x8O5R8Aq1sRDt09Axt2D1iBxsISHlMMzGVZdkahbgh8tQz7gxiy1/KNcMwKPiM -iQqNoWNhvOB2+8JSkuOflYvHIxn9Uck8aroU0vwTdduL8nwTMz5Tj12VhBV1jrlE -PExLeZO998JIte9K0U9lbxb7sn1avQ== -=lPIw +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoiAACgkQ406fOAL/ +QQDNWQf8Dp5iiHRJOIM0NXd8cV1C7k0nEPO/lAOSb/syRyzGWI2Xu/oL+zcZVVIh +P6KKmgOKbyjPibWgGUKbPzs+MWwJ4nAmht8Acnt04WkCeSouiXO+urUEJuW0bRrv +6R1ZexzLylgjlcBjLAcJ4/S8atI9z1bLqwEmfYZo4YLi+n2HYHiztEpAyUfF+nIa +Qyeyx5nkfB5x89qr/0iT5XA8fwhvpVcIUFsXCjdSk/vNApxqxfNBFmpXsn67cI2O +Quztb6O6yrJj5zFb4b01/E1cceJ11OzB8iZNaXqx0aU5funQqMXSp3tSHRdNydtH +5bGFqQVFaBMGHRfa58XO7ObNHrEOlw== +=T0DM -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-56139.md b/content/security/CVE-2026-56139.md index b4254118..9ff5b790 100644 --- a/content/security/CVE-2026-56139.md +++ b/content/security/CVE-2026-56139.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-56139" -date: 2026-06-18T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-56139.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-56139.txt.asc b/content/security/CVE-2026-56139.txt.asc index e809117e..cd906eb5 100644 --- a/content/security/CVE-2026-56139.txt.asc +++ b/content/security/CVE-2026-56139.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-56139" -date: 2026-06-18T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-56139.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23651 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23913 (commit 6cea553aa42ed1326ac57ad800d66674bc453932) and backported to camel-4.18.x (commit fdcf67a00470783ccb93b948883b6a4c5275aff5) and camel-4.14.x (commit b1badb58a407e4d16c8b6bba81650d4c68e55eaf). The fix aligns the muteException consumer-option default in camel-undertow [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmo1E58ACgkQ406fOAL/ -QQBAOQf/RSFXBJ5nNKE5+o2MNyGPPne7TK2Wfps1sR3djZs2nUJqqH4NuQBHVZVC -ZcYaA5hV6qDEt3iDmyWhYT8fpMnwzXjwB0dw2Q7c3YE7Nxymngj29fj/8AXwCr6Z -sao1h/JunTXwKEqMiejS40jkDkxjduRcnbygMDfcXtph9kt67sq+BK7yvSSiaseN -1yld++Yfexh9v661odDX+pmo1MK3aERbERY2Q/h0XGKBmfKEf+P4lNa1lIBBF6XW -e2IoFgnWFGa58hadnXl1coquRRqAnloBUpikkqdpexpSfgUMiVBh2ZCFOUW/Bu+1 -Sv0VLyP64j0RSnyD4M8GINbIs5mZIQ== -=Asqi +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoiAACgkQ406fOAL/ +QQCnRQf+J7e9pg870IbmPQPc7pWRpveXjIcoAbXnLEsvqlDk695bmye0SOaIimr1 +ZiUP9+A1BQlaX97qfvkdjigE2cNKnBvSpJQdrOtvZlYbiAOU1AjiUXSNXJdGdtR8 +bHAWoSidMfmKlDrOjIABhF7XJhE6OWTuYs1iFNpb462Hi9BYjyxOHLM6gfuJxHtw +a0Bu5xeUNSOl81yEMwTaG5WcFgN5VtNt9Q1917PsFy6OnESwpSIjjflFBvKgpWS/ +OgyaK3LU63wY5fEHF/uBQxBdfSdzhceP6mrQEa9xvqillUglUxB8Y60rXzMgcIIK +AgIyj85UikWio1wxJJGeBbr/1enA6g== +=i9LU -----END PGP SIGNATURE----- diff --git a/content/security/CVE-2026-56140.md b/content/security/CVE-2026-56140.md index cb4c6016..3847b826 100644 --- a/content/security/CVE-2026-56140.md +++ b/content/security/CVE-2026-56140.md @@ -1,6 +1,6 @@ --- title: "Apache Camel Security Advisory - CVE-2026-56140" -date: 2026-06-18T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-56140.html draft: false type: security-advisory diff --git a/content/security/CVE-2026-56140.txt.asc b/content/security/CVE-2026-56140.txt.asc index 536a8353..702eea39 100644 --- a/content/security/CVE-2026-56140.txt.asc +++ b/content/security/CVE-2026-56140.txt.asc @@ -3,7 +3,7 @@ Hash: SHA512 - --- title: "Apache Camel Security Advisory - CVE-2026-56140" -date: 2026-06-18T10:00:00+02:00 +date: 2026-07-03T10:00:00+02:00 url: /security/CVE-2026-56140.html draft: false type: security-advisory @@ -20,12 +20,12 @@ fixed: 4.14.8, 4.18.3 and 4.21.0 The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-23506 refers to the various commits that resolved the issue, and have more details. The fix was merged on main in https://github.com/apache/camel/pull/23221 (commit 5f57258fb33d33ef99df10594f8fe9f11d7c2b7e) and backported to camel-4.18.x (commit 7b334be0419839097a132d4ff3427fc4083e695e) and camel-4.14.x (commit b7f78292e747a28dbf5da444265557b5f9f3c1a1). The change adds setInFilterStartsWith for the Camel namespace to Sns2Header [...] -----BEGIN PGP SIGNATURE----- -iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmo1FZQACgkQ406fOAL/ -QQAxeAf+N04am8wKY2AE7xhjf4wNeC2K151K+sbZIVbeCBK9TgH1A/MkHMFn/d6X -2XM6GaIkfzipkX4WUZ8IG8vD0YgR76GSv3FUKhG0lxamLcr6xiUNCxWxKeKerdqn -r4kC6kG7c/o2pE4lyYV37o/7b1iNQ6LdpQAtv6C+jufVHLP10Q45pkn6dBFaNeHF -f2cWjttdz+B4UvD2W8KJK3K0hUfWbzCNHuETqfrYiP1qIv4EwWipKy292HLmJBmZ -XC4mHMvg56b8zF/yfi0aUCGB5u8IqdcSvKW6YzJmsT8rf+9gKFHKuXPcVlZHpoZ/ -LZIDXeNRx5KK1tHJwcGRISTDr25ung== -=Ghkm +iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmpHoiAACgkQ406fOAL/ +QQAUEQf9FeKELKJHlMM4FXmRpcg+FSxffrYyLcCeWHOHtVIKN1WTi9aDNXujlfqa +kpZHpwcXr3E9yaTHmO6D2W36XlkLb/LTSEYJOfwY71sR7QHQ2HS9Wua+b+h9CLCG +Fztt1oWrCotquVzrKzfeqWfL1TfvmaF2oI7QA4MWM87br7DX2Uxzmg/OsSO/BaEc +chASY9qvQoRRFMwcc/MyCHAkHYFN384HDvSwoEz2RMOAQ1TV7VLugH02msA+rma7 +fFiYqsYr/JN2BXNaJszh0g65Rgf7bKDR9KSNF1xeWDxyrZxUMD9Ng/1PSFBK+Pny +u7kBnf1MIrdhBqatqhEvV+bHP+2VTA== +=hvqz -----END PGP SIGNATURE-----
