[
https://issues.apache.org/jira/browse/CAMEL-22941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18060250#comment-18060250
]
Pasquale Congiusti commented on CAMEL-22941:
--------------------------------------------
I had it tested against 4.18.0-SNAPSHOT when I sent the comment and the problem
was not appearing. I will retry with recently released 4.18.0 to see what's
going on. No, there is no vulnerability as it does not leak any sensitive data
as far as I can see. It logs headers, which can be expected. Also, if any, it
should involve third party library. Camel is just exposing the endpoint, the
logic happens at springboot level for those metrics.
> "POST_Exchange____Id__" metrics
> -------------------------------
>
> Key: CAMEL-22941
> URL: https://issues.apache.org/jira/browse/CAMEL-22941
> Project: Camel
> Issue Type: Bug
> Components: camel-metrics
> Affects Versions: 4.16.0
> Reporter: David J. M. Karlsen
> Priority: Minor
> Fix For: 4.18.0
>
> Attachments: Screenshot 2026-02-01 at 14.33.37.png
>
>
> When visiting the spring-boot prometheus metrics page, there are tons of
> metrics named
> POST_Exchange____Id__9F24210ADD30EA2_0000000000000001___Headers___accept_application_xml__authori.....___total,
> i.e. a unique metric name per request.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
