[
https://issues.apache.org/jira/browse/CAMEL-21880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Cosentino resolved CAMEL-21880.
--------------------------------------
Resolution: Fixed
> camel-kafka - add lowerCase to header filter strategy
> -----------------------------------------------------
>
> Key: CAMEL-21880
> URL: https://issues.apache.org/jira/browse/CAMEL-21880
> Project: Camel
> Issue Type: Improvement
> Components: camel-kafka
> Affects Versions: 3.22.3, 4.10.2
> Reporter: Jens Kordowski
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.10.3, 4.11.0
>
>
> Due to [https://www.cve.org/CVERecord?id=CVE-2025-27636] the following
> extension has been implemented:
> https://issues.apache.org/jira/browse/CAMEL-21828
> This has an effect on
> [https://github.com/apache/camel/blob/main/components/camel-http-common/src/main/java/org/apache/camel/http/common/HttpHeaderFilterStrategy.java]
> as it sets lowerCase to true. The same is not true for
> [https://github.com/apache/camel/blob/main/components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaHeaderFilterStrategy.java]
> Very old implementations of the same
> ([https://github.com/apache/camel/blob/camel-2.25.4/components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaHeaderFilterStrategy.java])
> were using patterns, which were explicitly marked case-insensitive and this
> changed thereafter. Following this recent CVE and the changes, I assume this
> was not desired, hence I marked it as bug.
>
> There might be other header filter strategies out there that do not set
> lowerCase to true.
>
> Best regards
> Jens
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
