[ 
https://issues.apache.org/jira/browse/CAMEL-22926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Work on CAMEL-22926 started by Federico Mariani.
------------------------------------------------
> GooglePubsubProducer applies HeaderFilterStrategy incorrectly, causing Camel 
> headers to leak as Pub/Sub attributes
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-22926
>                 URL: https://issues.apache.org/jira/browse/CAMEL-22926
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-pubnub
>    Affects Versions: 4.17.0
>         Environment: Apache Camel: 4.17, camel-google-pubsub, Spring Boot: 3.5
>            Reporter: B.Schlops
>            Assignee: Federico Mariani
>            Priority: Major
>              Labels: bug, camel-component, pubsub
>             Fix For: 4.14.5, 4.18.0
>
>
> h4. *Problem*
> When using the {{camel-google-pubsub}} component with a configured 
> {{HeaderFilterStrategy}}, sensitive Camel headers (e.g. 
> {{Authorization}}, {{Cookie}}) are still propagated as Google Pub/Sub 
> message attributes.
> This happens even though a global {{HeaderFilterStrategy}} is configured on 
> the {{GooglePubsubComponent}} and the headers are explicitly listed in the 
> {{outFilter}}.
> This behavior violates the expected Camel contract for 
> {{HeaderFilterStrategy}} and poses a security/compliance risk, as sensitive 
> headers may be unintentionally exposed to external systems.
> *Expected Behavior*
> When publishing messages to Google Pub/Sub:
>  * Camel headers must be filtered using
> {{HeaderFilterStrategy.applyFilterToCamelHeaders(...)}}
>  * Headers matching the configured {{outFilter}} must *not* be propagated as 
> Pub/Sub message attributes
>  * Sensitive headers such as {{Authorization}} or {{Cookie}} must never 
> appear on the consumer side
> h4. *Actual Behavior*
> The {{GooglePubsubProducer}} applies the header filter using:
> {{headerFilterStrategy.applyFilterToExternalHeaders(...)}}
> while iterating over *Camel message headers*.
> As a result, {{outFilter}} rules are not applied correctly and Camel headers 
> are propagated to Pub/Sub attributes.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
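
The direction mix-up described in the report, as an added example (not part of the original report and not the component's own code). It uses Camel's `DefaultHeaderFilterStrategy`; the class name `HeaderFilterDirectionDemo`, the helper `toAttributes` and the sample header values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

import org.apache.camel.spi.HeaderFilterStrategy;
import org.apache.camel.support.DefaultHeaderFilterStrategy;

public class HeaderFilterDirectionDemo {

    // Hypothetical helper: copies headers into an attribute map, skipping
    // every header the strategy rejects.
    // camelDirection = true  -> applyFilterToCamelHeaders    (outFilter is consulted)
    // camelDirection = false -> applyFilterToExternalHeaders (inFilter is consulted)
    static Map<String, String> toAttributes(Map<String, Object> headers,
                                            HeaderFilterStrategy strategy,
                                            boolean camelDirection) {
        Map<String, String> attributes = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : headers.entrySet()) {
            // Both methods return true when the header must be dropped.
            // Assumption: the default strategy does not consult the Exchange,
            // so null is passed here.
            boolean drop = camelDirection
                    ? strategy.applyFilterToCamelHeaders(e.getKey(), e.getValue(), null)
                    : strategy.applyFilterToExternalHeaders(e.getKey(), e.getValue(), null);
            if (!drop) {
                attributes.put(e.getKey(), String.valueOf(e.getValue()));
            }
        }
        return attributes;
    }

    public static void main(String[] args) {
        DefaultHeaderFilterStrategy strategy = new DefaultHeaderFilterStrategy();
        // Only the outbound (Camel -> external system) filter is configured.
        strategy.setOutFilter(Set.of("Authorization", "Cookie"));

        // Constructed sample headers, not taken from the report.
        Map<String, Object> headers = new LinkedHashMap<>();
        headers.put("Authorization", "Bearer EXAMPLE-TOKEN");
        headers.put("Cookie", "session=EXAMPLE");
        headers.put("orderId", "42");

        // Direction the report says the producer uses: outFilter is ignored.
        System.out.println("external direction: " + toAttributes(headers, strategy, false).keySet());
        // Direction the report expects: outFilter removes the sensitive headers.
        System.out.println("camel direction:    " + toAttributes(headers, strategy, true).keySet());
    }
}
```

A regression test for a producer can assert the same property: with an `outFilter` configured, none of the filtered header names may appear among the outgoing message's attributes.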