Andrea Cosentino created CAMEL-23769:
----------------------------------------

             Summary: camel-http-common: apply a configurable ObjectInputFilter when deserializing Java objects
                 Key: CAMEL-23769
                 URL: https://issues.apache.org/jira/browse/CAMEL-23769
             Project: Camel
          Issue Type: Improvement
          Components: camel-http-common
            Reporter: Andrea Cosentino
            Assignee: Andrea Cosentino
             Fix For: 4.21.0, 4.18.3, 4.14.8


HttpHelper.deserializeJavaObjectFromStream reads a Java-serialized object via 
CamelObjectInputStream without an ObjectInputFilter. This is only reachable 
behind the opt-in transferException/allowJavaSerializedObject options, but the 
sibling camel-netty-http and camel-jms bindings apply an ObjectInputFilter even 
on that opt-in path. This proposes aligning camel-http-common with them by 
adding a configurable deserialization filter.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
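
The kind of filter the issue asks for, as an added example that is not Camel's code or part of the original message: a plain `ObjectInputStream` (standing in for `CamelObjectInputStream`) with an allow-list `ObjectInputFilter` set before `readObject()`. The filter pattern, the class names and the sample objects are assumptions made up for illustration, not Camel defaults.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

public class FilteredDeserializationExample {

    // Hypothetical application class that the allow-list below does not cover.
    static class NotAllowed implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Constructed pattern (an assumption, not Camel's default): bound the object
    // graph, allow java.lang and java.util classes, reject every other class.
    static final String PATTERN =
            "maxdepth=10;maxrefs=1000;maxbytes=65536;java.lang.*;java.util.*;!*";

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // The filter must be installed before the first readObject() call; a class
    // it rejects makes readObject() throw InvalidClassException.
    static Object deserialize(byte[] data, String pattern)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(pattern));
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payloads: one inside the allow-list, one outside it.
        List<String> ok = new ArrayList<>(List.of("a", "b"));
        System.out.println("allowed:  " + deserialize(serialize(ok), PATTERN));
        try {
            deserialize(serialize(new NotAllowed()), PATTERN);
            System.out.println("unexpected: NotAllowed was deserialized");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Making the pattern string a configuration value is what lets an operator widen the allow-list for their own exception or payload classes without removing the filter.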
