[camel] branch master updated: CAMEL-13589: remove security advisories from ma...

zregvart Wed, 03 Jul 2019 02:17:00 -0700

This is an automated email from the ASF dual-hosted git repository.

zregvart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git



The following commit(s) were added to refs/heads/master by this push:
     new 95e0834  CAMEL-13589: remove security advisories from ma...
95e0834 is described below

commit 95e08341d2ba2d5185bfd6a4ff0fe6b736d95c8e
Author: Zoran Regvart <[email protected]>
AuthorDate: Wed Jul 3 11:16:33 2019 +0200

    CAMEL-13589: remove security advisories from ma...
    
    ...nual
    
    We don't need security advisories in the Camel git repository, they are
    migrated over to the Website repository and maintained there.
---
 docs/user-manual/en/security-advisories.adoc       | 73 ----------------------
 .../en/security-advisories/CVE-2013-4330.txt.asc   | 46 --------------
 .../en/security-advisories/CVE-2014-0002.txt.asc   | 46 --------------
 .../en/security-advisories/CVE-2014-0003.txt.asc   | 46 --------------
 .../en/security-advisories/CVE-2015-0263.txt.asc   | 38 -----------
 .../en/security-advisories/CVE-2015-0264.txt.asc   | 38 -----------
 .../en/security-advisories/CVE-2015-5344.txt.asc   | 52 ---------------
 .../en/security-advisories/CVE-2015-5348.txt.asc   | 37 -----------
 .../en/security-advisories/CVE-2016-8749.txt.asc   | 35 -----------
 .../en/security-advisories/CVE-2017-12633.txt.asc  | 33 ----------
 .../en/security-advisories/CVE-2017-12634.txt.asc  | 33 ----------
 .../en/security-advisories/CVE-2017-3159.txt.asc   | 33 ----------
 .../en/security-advisories/CVE-2017-5643.txt.asc   | 30 ---------
 .../en/security-advisories/CVE-2018-8027.txt.asc   | 31 ---------
 .../en/security-advisories/CVE-2018-8041.txt.asc   | 32 ----------
 .../en/security-advisories/CVE-2019-0188.txt.asc   | 25 --------
 .../en/security-advisories/CVE-2019-0194.txt.asc   | 27 --------
 docs/user-manual/modules/ROOT/pages/index.adoc     |  2 -
 .../modules/ROOT/pages/security-advisories.adoc    | 55 ----------------
 19 files changed, 712 deletions(-)

diff --git a/docs/user-manual/en/security-advisories.adoc 
b/docs/user-manual/en/security-advisories.adoc
deleted file mode 100644
index 606acd5..0000000
--- a/docs/user-manual/en/security-advisories.adoc
+++ /dev/null
@@ -1,73 +0,0 @@
-[[SecurityAdvisories]]
-
-### 2019
-
-link:security-advisories/CVE-2019-0188.txt.asc[CVE-2019-0188] - Apache 
Camel-XMLJson 
-vulnerable to XML external entity injection (XXE)
-
-link:security-advisories/CVE-2019-0194.txt.asc[CVE-2019-0194] - Apache 
-Camel's File is vulnerable to directory traversal
-
-### 2018
-
-link:security-advisories/CVE-2017-3159.txt.asc[CVE-2017-3159] - Apache
-Camel's Snakeyaml unmarshalling operation is vulnerable to Remote Code
-Execution attacks
-
-link:security-advisories/CVE-2018-8041.txt.asc[ CVE-2018-8041] - Apache 
-Camel's Mail is vulnerable to path traversal
-
-### 2017
-
-link:security-advisories/CVE-2017-5643.txt.asc[CVE-2017-5643] - Apache
-Camel's Validation Component is vulnerable against SSRF via remote DTDs
-and XXE
-
-link:security-advisories/CVE-2017-3159.txt.asc[CVE-2017-3159] - Apache
-Camel's Snakeyaml unmarshalling operation is vulnerable to Remote Code
-Execution attacks
-
-### 2016
-
-link:security-advisories/CVE-2016-8749.txt.asc[CVE-2016-8749] - Apache
-Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to
-Remote Code Execution attacks
-
-### 2015
-
-link:security-advisories/CVE-2015-5344.txt.asc[CVE-2015-5344] - Apache
-Camel's XStream usage is vulnerable to Remote Code Execution attacks.
-
-link:security-advisories/CVE-2015-5348.txt.asc[CVE-2015-5348]
-- Apache Camel's Jetty/Servlet usage is vulnerable to Java object
-de-serialisation vulnerability.
-
-link:security-advisories/CVE-2015-0264.txt.asc[CVE-2015-0264]
-- The XPath handling in Apache Camel for invalid XML Strings or invalid
-XML GenericFile objects allows remote attackers to read arbitrary files
-via an XML External Entity (XXE) declaration. The XML External Entity
-(XXE) will be resolved before the Exception is thrown.
-
-link:security-advisories/CVE-2015-0263.txt.asc[CVE-2015-0263]
-- The XML converter setup in Apache Camel allows remote attackers to
-read arbitrary files via an SAXSource containing an XML External Entity
-(XXE) declaration.
-
-### 2014
-
-
-link:security-advisories/CVE-2014-0003.txt.asc[CVE-2014-0003]
-- The Apache Camel XSLT component allows XSL stylesheets to perform
-calls to external Java methods.
-
-link:security-advisories/CVE-2014-0002.txt.asc[CVE-2014-0002]
-- The Apache Camel XSLT component will resolve entities in XML messages
-when transforming them using an xslt route.
-
-### 2013
-
-link:security-advisories/CVE-2013-4330.txt.asc[CVE-2013-4330]
-- Writing files using FILE or FTP components, can potentially be
-exploited by a malicious user.
-
- 
diff --git a/docs/user-manual/en/security-advisories/CVE-2013-4330.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2013-4330.txt.asc
deleted file mode 100644
index 1f2e8a3..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2013-4330.txt.asc
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2013-4330: Apache Camel critical disclosure vulnerability
-
-Severity: Critical
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.9.0 to 2.9.7, Camel 2.10.0 to 2.10.6, Camel 2.11.0 
to 2.11.1, Camel 2.12.0
-The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x and 2.8.x versions may 
be also affected.
-
-Description: When sending an Exchange with the in Message Header 
'CamelFileName' with a value of '$simple{...}' to a FILE or FTP producer, it 
will interpret the value as simple language expression which can be exploited 
by a malicious user.
-
-Mitigation: 2.9.x users should upgrade to 2.9.8, 2.10.x users should upgrade 
to 2.10.7, 2.11.x users should upgrade to 2.11.2 and 2.12.0 users should 
upgrade to 2.12.1. This patch will be included from Camel 2.13.0: 
https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=27a9752a565fbef436bac4fcf22d339e3295b2a0
-
-Example: Create a simple route which moves files from one directory to 
another, e.g.:
-from("file:c:/tmp/in")
-  .to("file:/c:/tmp/out");
-
-If you are using Windows, create an file with a name like
-"$simple{<some malicious code>}" (without the quotes)
-and drop it into the "c:/tmp/in" directory. The file consumer will read and 
process this file. It will also set the Exchange in Message Header 
'CamelFileName' with the value "$simple{<some malicious code>}". In the next 
step, the file producer will interpreted the value of this header as simple 
language expression and execute the malicious code.
-
-Credit: This issue was discovered by Grégory Draperi.
-
-References: http://camel.apache.org/security-advisories.html
-
------BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQIcBAEBAgAGBQJSSszOAAoJEImh9lEqI5wsaNEQAIoITjC6AWQru4H3Eqm7XmGJ
-X2PGYY08XhwDGR7qqnIsYFHIqsSMoW+1YhQqZNV66zrU1hDgpFDz3dj3IaQUXpaE
-9dI6B1eGvayF2GxoBnsc0Dua/43WdhWm9KBHrcGL3TQVEi3D7QmTv4Udsx3+5ita
-xQcYrmrltdKDp8r08GHwFV1jZnafPEbJ5Vw/ATqHAb0hZ7ozv3c3iAqTkER++dzL
-DL+gNKbN1eD8ZeixitQO4eirEkkiRlU8fC6dy+6e6Hra/0L16nyEmpsYWvx+mWnt
-C+1fQQjmwZW/zV2tVqznc8mlVUYuttp3F4GDybYqPgMXlWC9Ri0JZWlNoXTZ0zak
-f6KxcWqHvKs+LhCENFV2cnCtq2uHvGX0HMT4h/eVvGa/t/8gI2tgvaUtt0ylUNWn
-a1znMCjDRwISlqu+jfSja7g1IydtvN1/tssfTMJjRDmng4mpGEa03iunVuwHFJv2
-Y6khePzKKP4wXS5oQ9aMev039IKB2725R28iZ2YH2TolgjicAay8ulBGHq0jx0rm
-QI5zVrAAdWdX3kYjDGED/70gVfhF6N0cG4wpZzT9RW0oYU0kFeTEPJN/1jg3u9Mc
-Fm0FEDCOSRkX4OKKa5nQX8EL92Jz0g6YukPAaQyvegvbjvvMCSxgQbIwFyBh0Yt/
-9JRZ0jp01139FFdpa+QM
-=UpK9
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2014-0002.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2014-0002.txt.asc
deleted file mode 100644
index 252af8d..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2014-0002.txt.asc
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2014-0002: Apache Camel critical disclosure vulnerability
-
-Severity: Critical
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.11.0 to 2.11.3, Camel 2.12.0 to 2.12.2
-The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x and 
2.10.x versions may be also affected.
-
-Description: The Apache Camel XSLT component will resolve entities in XML 
messages when transforming them using an xslt route. A remote attacker able to 
submit messages to an xslt route could use this flaw to read files accessible 
to the running application server and potentially perform other more advanced 
XXE attacks.
-
-Mitigation: 2.11.x users should upgrade to 2.11.4, 2.12.x users should upgrade 
to 2.12.3. This patch will be included from Camel 2.13.0: 
https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=341d4e6cca71c53c90962d1c3d45fc9e05cc50c6
-
-Example: Create a simple route which receives an HTTP request, apply a (safe) 
stylesheet and store the result in a file:
-<route>
-  <from uri="servlet:///hello"/>
-  <to uri="xslt:file:/tmp/transform.xsl" />
-  <to uri="file:/tmp/output" />
-</route>
-
-If an attacker is able to submit a message to this route, they can provide a 
message that is an XML document containing external entities. These entities 
will be resolved, and their contents included in the output of the 
transformation performed by the xslt route.
-
-Credit: This issue was discovered by David Jorm.
-
-References: http://camel.apache.org/security-advisories.html
------BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQIcBAEBAgAGBQJTENZhAAoJEImh9lEqI5wsukkP/2q4Tr9N2NMWYu9+5YYrpSST
-TWnhcE7QGVOu3ITRp0WslzzJoa6Dl1q1XB7NRiV9CrHrUAk/GMaMo0M51ezaYUOq
-+8HfiHpVbU+frk67bbTCceSug1xLsCb1upD0LUvM28siimMme2lmZtZuzKwYws2o
-dG3gqIIgBYxl6Z6tKb7BIqQobsiK/50q5iZ1Z7PLT1hNrJvnBh0N6wgqfSPM0CLj
-1NBN1xLJufcooT5pMYSXq8UAKvp9x7CymUTk/b/xbTGE5e8T/XNKAuXoe1/XRfMO
-mETrN11hQdrEtflK9uOwHhDOu2SvsBBjBmDGY90K/Da1d1Hjued2Uaz3qGf4nQ9F
-SVVLKfB4Z6VZkNqyjZ8JZjdJGWtrLMeixUxoGLKp8S2SXHG9HTfxh0a9GD7g3vfj
-hO10B3qJKeWcVnBru4tRy/lmPfmCw28gizR4KEej4YFiPDFp60Z2Rxxsz5dHyOq6
-fUkOcCsMmLUoj1i3YoIcFDos8ZPl6Zuu1xkmOxq+hslixaT9ROUwfuIkV8lRofgT
-c1A2Ao5FZu0UK7uR81TNflbTCy+4q7Wojfs6LMydU9VjcGkCl+ES2q9mtv3BE6rN
-r69g5lba6ooyZEqPNvDGwTznQVUiHM5roaEooDYnTSU4FhT56isTANqaGncIXCnZ
-t3sXFGy7PXvfxxpeKHTb
-=VJ0D
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2014-0003.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2014-0003.txt.asc
deleted file mode 100644
index 7d64855..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2014-0003.txt.asc
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2014-0003: Apache Camel critical disclosure vulnerability
-
-Severity: Critical
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.11.0 to 2.11.3, Camel 2.12.0 to 2.12.2
-The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x and 
2.10.x versions may be also affected.
-
-Description: The Apache Camel XSLT component allows XSL stylesheets to perform 
calls to external Java methods. A remote attacker able to submit messages to an 
xslt Camel route could use this flaw to perform arbitrary remote code execution 
in the context of the Camel server process.
-
-Mitigation: 2.11.x users should upgrade to 2.11.4, 2.12.x users should upgrade 
to 2.12.3. This patch will be included from Camel 2.13.0: 
https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=e922f89290f236f3107039de61af0375826bd96d
-
-Example: Create a simple route which receives an HTTP request, apply a (safe) 
stylesheet and store the result in a file:
-<route>
-  <from uri="servlet:///hello"/>
-  <to uri="xslt:file:/tmp/transform.xsl" />
-  <to uri="file:/tmp/output" />
-</route>
-
-If an attacker is able to submit a message to this route, they can change the 
XSLT stylesheet to use for this transfiormation. This stylesheet could be 
provided by a valid URL and could perform arbitrary remote code execution.
-
-Credit: This issue was discovered by David Jorm.
-
-References: http://camel.apache.org/security-advisories.html
------BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQIcBAEBAgAGBQJTENZYAAoJEImh9lEqI5wsHK0P/35/jWdyzENsaPmW6dlivhuq
-b1GAeMQL5gN/lws1VC0+2cQ0HGqOxLItzpse3P0gApMqRi7uGnFT+Amblc2tLvFv
-mPJa1Zdm1jjtANPx1oweb3i7VtWXwefBivQ+RxxhKfaru96Q20NK8d2u203+GK9Y
-fjQmKHTgUtkpNxKfEgbtkHpCOX1C8xrBs/+JWHhtZFEBQHpzbllO5M2ofrjyJIsL
-OaJsd8hVxPXRgyjGDjuSrEObnvszEYkABCbrUgVrTI0NxewUg3orKb1GQjSpw9D9
-YehQurloyHcoqzRkNZsGaeZtiKnCmbyXmii61EoopoWnUyF1lRC8iCgmvyQDpoto
-ZVmkhhVl4VON7wSii4A9p4RDBch/zi6rlq+OYx13ZRMqtP6v+hgGNIZiSZ7j4ZTa
-wHh/A6MTN44/rAefnu8f2IhXPeTmWznez1jCc2hL4v/p+s4ttVNM1KBZkm/6saBH
-VNOrmu46Tcl/cll/tSP5rC+P/LMmCMPdciuV/zSofHjvG5meJMl0a08dMvdNobZi
-zGAcHAr6qXiYy6qMMMbTbQu++JUUWnbtaFndWHs/ALOUP9zF+fky30JTu/h2/RuZ
-98RnR19XsfL+JgouLmFkP/HtA/qUjbaUHQIvJj6J0R+aR+ItszthGDnSNRXWg1LR
-hvVPgX0RU6vPWJoJ0Wd5
-=gxws
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc
deleted file mode 100644
index b5036ea..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2015-0263.txt.asc
+++ /dev/null
@@ -1,38 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-
-CVE-2015-0263: Apache Camel medium disclosure vulnerability
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.13.0 to 2.13.3, Camel 2.14.0 to 2.14.1
-The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x, 2.10.x, 
2.11.x and 2.12.x versions may be also affected.
-
-Description: The XML converter setup in Apache Camel allows remote attackers 
to read arbitrary files via an SAXSource containing an XML External Entity 
(XXE) declaration.
-
-Mitigation: 2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade 
to 2.14.2. This patch will be included from Camel 2.15.0: 
https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
-
-Credit: This issue was discovered by Stephan Siano.
-
-References: http://camel.apache.org/security-advisories.html
------BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQIcBAEBAgAGBQJU/sahAAoJEImh9lEqI5wsKmkQAIPMcNnEvWWolihdFlC+4nQn
-Fo39aZ+nr6mH38PgH1Ho2wGPYYX6j6r41cJIOtU5lZzSmC8yaX5tEavm0bKK9XJu
-ScNKixYwxSejF326CKlm2Nl9X26OtZaPSrCyXn9fdFtvkSyo2qcypbYkIGujZW9R
-8sKLKHPgCupBjrDh0271D2BEw9eqZvNsKeBE2o/sePcHy5dhS8GQdKbBmfF1tDDl
-lfAWr+djLJ018X10krVek7GWajdXiZEsMmUZZ6i+Ao0Y9dTguVjTRxcO6gHPM4xq
-AyyDBF2tT2/JvP6QzeaspAI9Wpjr2CD0HKS3eURsfghsjWNklueYeEc/kE/5Usls
-4WiM2MCMPfhef5uY2cbt+BEeouAkIvNdyjzadEdIHJYzqwyWdTwuuabNG+X2zI+m
-+Sz0aepvpAXdWrfNFAiiGrzIDRVnZsTjEQ8THAeoSND08e111cy0S2TmKhVlljF+
-Ag5gqduoReWnIrksxJ5M0wkaOfubBgactRFoc8ZhIdmyY8xbiFJmywI9sZ1aTP5s
-tV/hFq7hcGCDqwFAHFsYRoXecfVHWEN/zr0MjXpQ6xT3f8Jedeamq1ZiaBDtfM5p
-SHumY30Tc+cCBV3nFVjxM+zAcFQ8gjnORnZEnZ2F+HQaJHZzQOLWZ6V/urcuHUzu
-HWeqvw4nphzuGl88Vv1M
-=IvV+
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2015-0264.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2015-0264.txt.asc
deleted file mode 100644
index 35e100d..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2015-0264.txt.asc
+++ /dev/null
@@ -1,38 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-
-CVE-2015-0264: Apache Camel medium disclosure vulnerability
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.13.0 to 2.13.3, Camel 2.14.0 to 2.14.1
-The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x, 2.10.x, 
2.11.x and 2.12.x versions may be also affected.
-
-Description: The XPath handling in Apache Camel for invalid XML Strings or 
invalid XML GenericFile objects allows remote attackers to read arbitrary files 
via an XML External Entity (XXE) declaration. The XML External Entity (XXE) 
will be resolved before the Exception is thrown.
-
-Mitigation: 2.13.x users should upgrade to 2.13.4, 2.14.x users should upgrade 
to 2.14.2. This patch will be included from Camel 2.15.0: 
https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da
-
-Credit: This issue was discovered by Stephan Siano.
-
-References: http://camel.apache.org/security-advisories.html
------BEGIN PGP SIGNATURE-----
-Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
-Comment: GPGTools - http://gpgtools.org
-
-iQIcBAEBAgAGBQJU/saFAAoJEImh9lEqI5wsh5MQALhKWptMPv5ktFPxVcqORosf
-wXiUWvqL4MM67ZDzf4EqsOdMUWtoFB9gPD7ZUU529yji5uzEdPibrkvlPUUBkR6n
-funLrsIK3/rFsY/UFWJxGpm0ZWRbp+XqS8iykU27jsACQFPZVSTeURkYHAvKbwOj
-s6kAfF72y229kDGi12CP/z+r3XgL7dwrOCZ+Y+WxRUFq6TFSqECSn8+gQtRd9CN+
-/+sXjr+TBmVc2FBz06nFGbS72qVVVxKf0krdrqP8u34Ca9nV0686vozcINxH0CzC
-LtGuTCcyqFP+efEbEsC29SlAtQqq0zdTVLmlJF6CmC7yB5wSr0l9BE3nWPDx6OLI
-MXtoqXfdvQiOVQB8WlyP9D+c14Vl4U/ywuTERGl+e+QVSp35jdMju4UJJoMzGsM1
-2+PDm5BG7uuu5iuWQMTlwCBeJTPGhFLYrxTtwQ7zGvXZJdG7kElhzuESwDgo+gol
-i1AHBVS2w800AkStpSxo6El1/RiZJtq0hp1JJI8oWyUuY4zJqKRAQXtymOgH5xae
-o8BF5meg8UmidtQi9woG28o8VRxtfeZIhd/DeM6nuSWtFNdEItzV4ksm89F4Glhy
-oNLR1ufk5BJlG7EPj89w7MIklX70u3Q/LWeJOk6u6TGVxPhrZzOH2k7RMALIlKoB
-b4sZQjwpBaJG8hlJbvSK
-=8G1w
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2015-5344.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2015-5344.txt.asc
deleted file mode 100644
index 0fac84c..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2015-5344.txt.asc
+++ /dev/null
@@ -1,52 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-=============================================
-
-CVE-2015-5344: Apache Camel's XStream usage is vulnerable
-to Remote Code Execution attacks
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.15.0 to 2.15.4, Camel 2.16.0
-The unsupported Camel 2.x (2.14 and earlier) versions may be also affected.
-
-Description: Apache Camel's camel-xstream component is vulnerable to Java 
object
-de-serialisation vulnerability. Such as de-serializing untrusted data can lead
-to security flaws as demonstrated in various similar reports about Java 
de-serialization issues.
-
-Mitigation: 2.15.x users should upgrade to 2.15.5, 2.16.0 users should
-upgrade to 2.16.1. And if you are using camel-xstream to serialize payload to 
Java objects,
-then you need to explicitly list trusted packages. 
-
-To see how to do that, please take a look at: http://camel.apache.org/xstream
-
-The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-9297
-refers to the various commits that resovoled the issue, and have more details.
-
-Credit: This issue was discovered by Christian Schneider.
-
-A related xstream de-serialization vulnerability was recently reported for 
Apache ActiveMQ:
-http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2
-
-
-=============================================
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iQIcBAEBCgAGBQJWqyUtAAoJEN1wUKdrQA9p+ooP+wRwqVaLWcCpVNur91oJY7Ez
-w0x+Rl/tNsGX6U/1Mow/iJSYPSvaDhjrfCUgwLYlhLp3MDvkYE5C9e2nBkQU1Jjl
-REo2R0t8NmOARqF9pvZIDKj0F2/JViaOB/gT3ENZSDbroX1T78jr4kL6Ro48VrVj
-4WyAdTgRR73t/2e/R8S+H+ObjkzCYvdcRI7swXdlrJhDy93t08ebf69UpxL5Zdr2
-Dk/yavsYqYDGObAVCgdkAMiMayNeEjPbb+dD4DnohTs5egXkCfc0Dqg1/l/NdTK9
-ONTlGeFyNNLCAoyNd8iJZPR0mwi/juAfVA2zqabnMoZvosM6YwXqjzg8/5OLbaiZ
-765Dr7wP+zgUmB0y7AR+LMqjCvaw2jprOo17jtjMEBOAojaWWEJTl3ZBTdLYDAKE
-qfpbwPLcY+sBdBO93LM6g92kQ3AFnH3Gcc3J1dKvQuI2NEd/0EfKWGCCAMXXaHg/
-9hJjtWgCuzIXqHXptcu5CzfU0QPyNd30+3HpgEYR2XavUi4RVm+FvqPZh6b67ZHX
-X7GsRGkLcSFbDFtSAhLYKTp0P50AKo7l2W16ZZFJi0v7c9cZ7J1UbyjQxa67gfR4
-yH23PYKU3Bh7U1gZiqDVRw8jXjAuc5WLH/fJg4e0Vrlhxa2W8qcykSu745T9b7+9
-Hu/gcBdRJG8ZWo9XzSsH
-=zUaO
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2015-5348.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2015-5348.txt.asc
deleted file mode 100644
index e68d46c..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2015-5348.txt.asc
+++ /dev/null
@@ -1,37 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-CVE-2015-5348: Apache Camel medium disclosure vulnerability
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.15.0 to 2.15.4, Camel 2.16.0
-The unsupported Camel 2.6.x, 2.7.x, 2.8.x, 2.9.x, 2.10.x, 2.11.x, 2.12.x, 
2.13.x, and 2.14.x are also affected.
-
-Description: Apache Camel's Jetty/Servlet usage is vulnerable to Java object 
de-serialisation vulnerability
-
-If using camel-jetty, or camel-servlet as a consumer in Camel routes, then 
Camel will automatic de-serialize HTTP requests that uses the content-header: 
application/x-java-serialized-object. 
-
-Mitigation: 2.15.x users should upgrade to 2.15.5, 2.16.0 users should upgrade 
to 2.16.1.
-The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-9309 refers to 
the various commits that resovoled the issue.
-
-Credit: This issue was discovered by Sim Yih Tsern.
------BEGIN PGP SIGNATURE-----
-Comment: GPGTools - https://gpgtools.org
-
-iQIcBAEBCgAGBQJWcnDDAAoJEN1wUKdrQA9pc2IQANO6MRTi2J5xjWrNJ9vFGMEK
-5Mm6SXnn0KAYp/ET2WxBfe7D9V+WpcmGejost+7zhixKZ6sqo9uaQ45JRd5Ce6vg
-gOfcJVEp0tJWtfR3Tgzpe9x8iL76zrRHlFlUFlo3w09AfA3H/ogeV+jE7in6P/Fu
-JNlDWdbmV/WbflaqU643uo6/kScuE5Nzmhdon7QLnztirCzkFSXgx9t9+2mc9X+t
-FfliGvIxM54nZ/RR13SeE0BFh4KS2+kEZRivB3fyRMl3pwWzU3pYxYJt81AsupJb
-razSEon5281M2G1zaZK8ng/6P3bHACHkOYK6ivsdkQ4zg4YKnShU1nkX2BBBXXrd
-dhn5ilcmA65R4jq7Vzk9D3QwwN9Io+0OPdca1WeT79qLpCqlkMOuJQFE6hIfVoQe
-sTmz5QIoPyQIWP1tPQS+QzSDx+zNlqte4t48wRkTqXuja/sfi5JzuXtDJwBjGt+L
-FO1oA2CEoaiCzOdCVthvZrNBsgYCig7dmeKaYzVRCm1oYHkwd7hCvsg261uOSTHJ
-glZrmn3FT/G7qx6MaNLXQD6UZ5XMwx5ToSnILCORDf2UH8sEtyJfkJtIOIQxTeh4
-+vV9GYDxNOV/rpqfxcYzyIcfcGK2R4MaoAdLx4RSJoZSz88N2372pTs4pZGAmS7K
-cXFnb/HjMssv62nffgkE
-=Qn8/
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2016-8749.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2016-8749.txt.asc
deleted file mode 100644
index 585eec1..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2016-8749.txt.asc
+++ /dev/null
@@ -1,35 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2016-8749: Apache Camel's Jackson and JacksonXML unmarshalling operation 
are vulnerable
-to Remote Code Execution attacks
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.16.0 to 2.16.4, Camel 2.17.0 to 2.17.4, Camel 
2.18.0 to 2.18.1
-The unsupported Camel 2.x (2.14 and earlier) versions may be also affected.
-
-Description: Apache Camel's camel-jackson and camel-jacksonxml components are 
vulnerable to Java object
-de-serialisation vulnerability. Camel allows to specify such a type through 
the 'CamelJacksonUnmarshalType'
-property. De-serializing untrusted data can lead to security flaws as 
demonstrated in various similar reports about Java de-serialization issues.
-
-Mitigation: 2.16.x users should upgrade to 2.16.5, 2.17.x users should upgrade 
to 2.17.5, 2.18.x users should
-upgrade to 2.18.2. 
-
-The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-10567 and 
https://issues.apache.org/jira/browse/CAMEL-10604
-refers to the various commits that resovoled the issue, and have more details.
-
-Credit: This issue was discovered by Moritz Bechler from AgNO3 GmbH & Co.
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJYmy0QAAoJEONOnzgC/0EABM0H/2hA/LOWlYB9iatYjg054mqZ
-BxMgMrDbvapoTr/ga7FPgm48nTlWlI2Xw0chOV3ZMg1fgH/rCEAhaMQnEgyd4Aor
-tVl8GW43bKwiYv+QrTWmQLXeK4PJHtR8DP0LG7f2EDvwsFcRSo0yE5MmsrQFiWjM
-rXEZINqe56s60pgrdFU0aqsf37iciI9A/UYnOZeBHLQf9QaZv38AMVrTz1awRoX7
-R6b3RvYh0qjGcyYMVH7RDTZ8BS+XdX3GZVKTFPFTZgMjKofA/XDJiOsMJsE2rT+1
-eSOd3Gr2LTIgXAhX1BH1FBghoHXV7hxKmwYo1yT7Dqw2xpdANUtlaEhtTP/Dl9I=
-=/6Ky
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2017-12633.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2017-12633.txt.asc
deleted file mode 100644
index f193656..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2017-12633.txt.asc
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2017-12633: Apache Camel's Hessian unmarshalling operation is vulnerable
-to Remote Code Execution attacks
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.19.0 to 2.19.3 and Camel 2.20.0
-The unsupported Camel 2.x (2.18 and earlier) versions may be also affected.
-
-Description: Apache Camel's camel-hessian component is vulnerable to Java 
object
-de-serialisation vulnerability. De-serializing untrusted data can lead to 
security flaws.
-
-Mitigation: 2.19.x users should upgrade to 2.19.4, 2.20.0 users should upgrade 
to 2.20.1. 
-
-The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-11923
-refers to the various commits that resovoled the issue, and have more details.
-
-Credit: This issue was discovered by Moritz Bechler from AgNO3 GmbH & Co.
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJaC/hCAAoJEONOnzgC/0EANYoH/3L/EMwTMeF/bHw+rHN6TYEf
-vS6fYmpG9zygJt0yIA+yHqgidxKdtPHpoOnBhCw/pQsoiEpDTe75eiilTE6j5U1d
-DDtHri3Im45WEL28BeHfb5Eme2ccVj055pYgPnQpGTN2cO5+rkykWdU/obfk44Rr
-01b8a+i0nM+LJ9N6Tw8n1wQMvfwNYQTHdK1RVXYbm2JedjJYHGBgqgjEZOfrCQ1r
-QNqSr9U0hkt0CdYgxGIY2WJi/AIHwLbOuYH3u+m02WJgw2abJRRabLNMiQCz93IF
-k9FZBUTf2I45FPpT/Y5FC5+HgKzW40vTCRAcuZlpwdq9Kv8nF3DFcsPVxBSM9ok=
-=knWB
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2017-12634.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2017-12634.txt.asc
deleted file mode 100644
index de9771f..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2017-12634.txt.asc
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2017-12634: Apache Camel's Castor unmarshalling operation is vulnerable
-to Remote Code Execution attacks
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.19.0 to 2.19.3 and Camel 2.20.0
-The unsupported Camel 2.x (2.18 and earlier) versions may be also affected.
-
-Description: Apache Camel's camel-castor component is vulnerable to Java object
-de-serialisation vulnerability. De-serializing untrusted data can lead to 
security flaws.
-
-Mitigation: 2.19.x users should upgrade to 2.19.4, 2.20.0 users should upgrade 
to 2.20.1. 
-
-The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-11929
-refers to the various commits that resovoled the issue, and have more details.
-
-Credit: This issue was discovered by Man Yue Mo <mmo at semmle dot com> from 
Semmle/lgtm.com.
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJaC/hNAAoJEONOnzgC/0EAjcgH/0pwXq7bn9HTnKJOswZ64QWA
-7yhFD2UASVaV3jZJnl/gavlHeLXqGdi+jBs2INxveNF9MWdSacRfi6aO+4scYZDw
-18Ra+nH2FVeIeO3VhrI0WQTTK9TNByLmiZ3Rn0v2eH06XV7Oc3MR5JsdEHBR3YCx
-T6TLqGB8QD/fXICmr5ztLeIVAWMFhThNVHiNX281cOtiyZrWWNHGfJAKTPEVz+nL
-/EiNn7M2o/8NGWNVr1rC+yBAGxoMrSd7eyNoMC7kd42uF+rpJWzi/QE8we6wQrDO
-3hhzUJsmAHv+Ap/97gp/Z+plDvysDREj3YnFMUFrJkJeBVqeg5c8XJGTiwMCN+k=
-=Cb8h
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2017-3159.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2017-3159.txt.asc
deleted file mode 100644
index 884e78a..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2017-3159.txt.asc
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2017-3159: Apache Camel's Snakeyaml unmarshalling operation is vulnerable
-to Remote Code Execution attacks
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.17.0 to 2.17.4, Camel 2.18.0 to 2.18.1
-The unsupported Camel 2.x (2.14 and earlier) versions may be also affected.
-
-Description: Apache Camel's camel-snakeyaml component is vulnerable to Java 
object
-de-serialisation vulnerability. De-serializing untrusted data can lead to 
security flaws.
-
-Mitigation: 2.17.x users should upgrade to 2.17.5, 2.18.x users should upgrade 
to 2.18.2. 
-
-The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-10575
-refers to the various commits that resovoled the issue, and have more details.
-
-Credit: This issue was discovered by Moritz Bechler from AgNO3 GmbH & Co.
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJYmy8MAAoJEONOnzgC/0EAujYIAI7eOnnkKE7wcHXjMeqUUDrb
-EyqEFaWuUWenUhx5PoVu2zQ0m9m1uRC3vzRQTJzZpN83WOlkDUlcXcJzLAWDy1AW
-W9dHgDTaP2zbUIPKo4Zjy+pur9afirAMRasCS0NAWAETHVi54ZBpCFQVkxk72xdO
-pLxAAnvTQfxbCfqEgTlzttU0ovaG4DOvAteQfpHZyjPxGaY3T15pAGK0ZOBvmd0T
-jATx/Nk3CoSuC8n6ECAbBcenRtycRh6HwvA6HFDFpgR3EI/FOq2/ikG4bLyJdgTW
-VsTmanwq4zKtlhQAAyQvfSJcr/7EoRL1k4Ui0D2oZvMat1fQnwOR13QQQmb73RU=
-=U+u3
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2017-5643.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2017-5643.txt.asc
deleted file mode 100644
index 4d829fb..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2017-5643.txt.asc
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2017-5643: Apache Camel's Validation Component is vulnerable against SSRF 
via remote DTDs and XXE.
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.17.0 to 2.17.5, Camel 2.18.0 to 2.18.2
-The unsupported Camel 2.x (2.16 and earlier) versions may be also affected.
-
-Description: The Validation Component of Apache Camel evaluates DTD headers of 
XML stream sources, although a validation against XML schemas (XSD) is 
executed. Remote attackers can use this feature to make Server-Side Request 
Forgery (SSRF) attacks by sending XML documents with remote DTDs URLs or XML 
External Entities (XXE).  The vulnerability is not given for SAX or StAX 
sources.
-
-Mitigation: 2.17.x users should upgrade to 2.17.6, 2.18.x users should upgrade 
to 2.18.3. 
-
-The JIRA tickets https://issues.apache.org/jira/browse/CAMEL-10894 refers to 
the various commits that resolved the issue, and have more details.
-
-Credit: This issue was discovered by Franz Forsthofer
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJYykp3AAoJEONOnzgC/0EAW1IH+gK4vn5vD+Nve0BWGjMwi7ja
-37HH89UdViakH44YBhUObxXrZ+zAJ53fSuXhorcH8zT8hSdgIhuSkhvMKfWfSr5t
-pVAh2sNLO8Mnpv/8K2HZ8QVL5RuaYdDcI19TAYO2iSrxI+PX8P3SGqbBmNu1c6E3
-0uVJSCcBscvSporgXdNi4+Oh8YpuuQAmocHbUJf+kK8Sc/Z7rTlMzCJwORvuoekM
-0HDC+bfhNgoBU/k6qclTxTEbxMByDX354go/fz8RB/VKzaLuT8UcMp5rvgIYBJTs
-kT6K2NchfXIMo8Zmq2iq3QfabtuXgsJtUjYRFHasrFSvrzoqzXpoaTE1XCFgobE=
-=BTx+
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2018-8027.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2018-8027.txt.asc
deleted file mode 100644
index 9f3dfdd..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2018-8027.txt.asc
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2018-8027: Apache Camel's Core is vulnerable to XXE in XSD validation 
processor
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.20.0 to 2.20.3 and Camel 2.21.0
-The unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
-
-Description: Apache Camel's Core is vulnerable to XXE External Entity 
vulnerability XSD validation processor.
-
-Mitigation: 2.20.x users should upgrade to 2.20.4, 2.21.0 users should upgrade 
to 2.21.1. 
-
-The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-12444 and 
https://issues.apache.org/jira/browse/CAMEL-10894 (partial fix)
-refer to the various commits that resovoled the issue, and have more details.
-
-Credit: This issue was discovered by Karel Jelínek <karel dot jelinek at 
unicorn dot com> from Unicorn Systems.
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJbYAqQAAoJEONOnzgC/0EABaoIALQPhIMQnay46DuHSs6j369P
-FgDCWP9gI5ObErP0CDFB+B0ubTPFgeieQPJ1/x5h1/V1zOakO30q4P+omHfL69xt
-5WbOEPG4vO6w3AugaJ8Hxu9ixLMBfBWc2Blt5ABxSxz+dmOmEgRt0Rfwy81KwbUL
-jzx7mo9v0kEd6E8i31yc+nlfYLgkRL+j4CWI2HbfngEh/vm1HRUHMvM/lbw3c+O7
-q0Xkfu5hwCBiNG4AZLGvPXyVy50Woi6DqdS0wydZSdS5gppdYo72I/jm1Q31m+uy
-cR7ytwOn9TPbOQ1MQbk7cJB1Y9zNY1Uy4A74bHGPyXMIP9hrSbS4khxspbFH2Xw=
-=/C9K
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2018-8041.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2018-8041.txt.asc
deleted file mode 100644
index 6f605f0..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2018-8041.txt.asc
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2018-8041: Apache Camel's Mail is vulnerable to path traversal
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.20.0 to 2.20.3, Camel 2.21.0 to 2.21.1 and Camel 
2.22.0 
-
-The unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
-
-Description: Apache Camel's Mail is vulnerable to path traversal
-
-Mitigation: 2.20.x users should upgrade to 2.20.4, 2.21.0 users should upgrade 
to 2.21.2 and Camel 2.22.x users should upgrade to 2.22.1
-
-The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-12630 
-refers to the various commits that resovoled the issue, and have more details.
-
-Credit: This issue was discovered by Eedo Shapira <eedo dot shapira at ge dot 
com> from GE .
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJbmOMKAAoJEONOnzgC/0EAfSkH+wdNhAyFodwWREYgmHNbxTdf
-c3JFH+jeqCpg1wiDZmGS4GpRi0f7s4W09tTIgiTtFhJINzpxJ6JOkZX8AzB43bSx
-g83RdYmAplgrYaeY4dQnjAN9LrUSHTbLxWKsG+gR0FigkmL3B3qM30jGD3T4t3WM
-AJ5PXRR87v85I9A1CzjtBgrxY6Zjn8A70Jm1AYdQ83Ywwj8dUD8Sw8qiFl/V/VBm
-P77Y6/S0PzBu6AJR5k+31dy5aZaStwts0uWuCwwZl74DfDVwgM44rj9WTRJ9aseq
-hc9T/Y3S7JKHMA3oo6Wu3MjU9kSO1PQ39CNO5/oCnjAtk4SVVSwU3wNYlXWj1t0=
-=3846
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
deleted file mode 100644
index f6d70be..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2019-0188.txt.asc
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2019-0188: Apache Camel-XMLJson vulnerable to XML external entity 
injection (XXE)
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Apache Camel versions prior to 2.24.0
-
-Description: Apache Camel provided contains an XML external entity injection 
(XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib 
library. This affects only the camel-xmljson component, which was removed.
-
-Mitigation: Update to version 2.24.0
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJc57YJAAoJEONOnzgC/0EAI1oIAITlFL/xUHp0rEn5WaRoCbGE
-49ZYJ2/bwK94se0KMhT5VqF6mYf1BWMSVzrczN+Qm8bEb1tQPDZFnTUe0hUjMN61
-tJpGK1UPCOUm3rBVSmrkbYclBVCBgxIEjfeP7SAtBXZSQ7/SHLBG8OQWRur7CPml
-6qtDt9WqIV0da9hJgP2n0YExqyfbCb0IZkvo23DWlzAHZ0LCVc7V/lDqGG1cWsZw
-gEMtUfbaz4533vr5+LgST3z7AbnMBpk2P29/9M7Z3wOxtS2Ne6aw/ooJfRh/HJ5k
-sw4jNQ/4txaha4BszSH9Ibdm0nMyzlmv0u8nONM0X2hhxasybMXIdPlTJh308BU=
-=w7Pn
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/en/security-advisories/CVE-2019-0194.txt.asc 
b/docs/user-manual/en/security-advisories/CVE-2019-0194.txt.asc
deleted file mode 100644
index ee72e0c..0000000
--- a/docs/user-manual/en/security-advisories/CVE-2019-0194.txt.asc
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-CVE-2019-0194: Apache Camel's File is vulnerable to directory traversal
-
-Severity: MEDIUM
-
-Vendor: The Apache Software Foundation
-
-Versions Affected: Camel 2.21.0 to 2.21.3, Camel 2.22.0 to 2.22.2 and Camel 
2.23.0 The unsupported Camel 2.x (2.19 and earlier) versions may be also 
affected.
-
-Description: Apache Camel's File is vulnerable to directory traversal
-
-Mitigation: 2.21.x users should upgrade to 2.21.5, 2.22.x users should upgrade 
to 2.22.3 and Camel 2.23.x users should upgrade to 2.23.1 The JIRA tickets: 
https://issues.apache.org/jira/browse/CAMEL-13042 refers to the various commits 
that resovoled the issue, and have more details.
-
-Credit: This issue was discovered by Colm O. HEigeartaigh <coheigea at apache 
dot org> from Apache Software Foundation
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-iQEcBAEBAgAGBQJcyCQMAAoJEONOnzgC/0EAoi4H/iqigma2trual75FfCiiJuRz
-HEwjmJ+/aqWwGo5sBY53aDpD2OtCNylmCoRGDEgP3ToAv+WyEgfSXJYPjRJGT1wo
-+8DLiHe3m5Z/tJk9sscYPn5s9/4bd+gES16hBWNtTpF/yryvMMS9jgGWglgVHAD3
-wP9AyWV1HVbuf7axW/Q9SS/Tw0pgBfKTVuQrZBmMNpcO/0YTGQR3uIbr8KGpwq3P
-asNvlUgCub3osq4qM5OsjQTvtkGYQfHmnuotavKXuRZbBW18KxCaqcKQPUjOOedG
-SZ5aOhwNLCcXZ4A550FB6QJxAwRG/8SXzwXS90MT5WwFgfJKE3dzRAH2PWEIaxo=
-=u2h4
------END PGP SIGNATURE-----
diff --git a/docs/user-manual/modules/ROOT/pages/index.adoc 
b/docs/user-manual/modules/ROOT/pages/index.adoc
index 90f336f..e0b6030 100644
--- a/docs/user-manual/modules/ROOT/pages/index.adoc
+++ b/docs/user-manual/modules/ROOT/pages/index.adoc
@@ -28,8 +28,6 @@
 * xref:#components.adoc[Components]
 * xref:#data-formats.adoc[Data Formats]
 * xref:#languages.adoc[Languages]
-* xref:security.adoc[Security]
-* xref:security-advisories.adoc[Security Advisories]
 
 === User Guide
 
diff --git a/docs/user-manual/modules/ROOT/pages/security-advisories.adoc 
b/docs/user-manual/modules/ROOT/pages/security-advisories.adoc
deleted file mode 100644
index 6d1890c..0000000
--- a/docs/user-manual/modules/ROOT/pages/security-advisories.adoc
+++ /dev/null
@@ -1,55 +0,0 @@
-[[SecurityAdvisories]]
-### 2017
-
-xref:security-advisories/CVE-2017-5643.txt.asc[CVE-2017-5643] - Apache
-Camel's Validation Component is vulnerable against SSRF via remote DTDs
-and XXE
-
-xref:security-advisories/CVE-2017-3159.txt.asc[CVE-2017-3159] - Apache
-Camel's Snakeyaml unmarshalling operation is vulnerable to Remote Code
-Execution attacks
-
-### 2016
-
-xref:security-advisories/CVE-2016-8749.txt.asc[CVE-2016-8749] - Apache
-Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to
-Remote Code Execution attacks
-
-### 2015
-
-xref:security-advisories/CVE-2015-5344.txt.asc[CVE-2015-5344] - Apache
-Camel's XStream usage is vulnerable to Remote Code Execution attacks.
-
-xref:security-advisories/CVE-2015-5348.txt.asc[CVE-2015-5348]
-- Apache Camel's Jetty/Servlet usage is vulnerable to Java object
-de-serialisation vulnerability.
-
-xref:security-advisories/CVE-2015-0264.txt.asc[CVE-2015-0264]
-- The XPath handling in Apache Camel for invalid XML Strings or invalid
-XML GenericFile objects allows remote attackers to read arbitrary files
-via an XML External Entity (XXE) declaration. The XML External Entity
-(XXE) will be resolved before the Exception is thrown.
-
-xref:security-advisories/CVE-2015-0263.txt.asc[CVE-2015-0263]
-- The XML converter setup in Apache Camel allows remote attackers to
-read arbitrary files via an SAXSource containing an XML External Entity
-(XXE) declaration.
-
-### 2014
-
-
-xref:security-advisories/CVE-2014-0003.txt.asc[CVE-2014-0003]
-- The Apache Camel XSLT component allows XSL stylesheets to perform
-calls to external Java methods.
-
-xref:security-advisories/CVE-2014-0002.txt.asc[CVE-2014-0002]
-- The Apache Camel XSLT component will resolve entities in XML messages
-when transforming them using an xslt route.
-
-### 2013
-
-xref:security-advisories/CVE-2013-4330.txt.asc[CVE-2013-4330]
-- Writing files using FILE or FTP components, can potentially be
-exploited by a malicious user.
-
-

[camel] branch master updated: CAMEL-13589: remove security advisories from ma...

Reply via email to