[ 
https://issues.apache.org/jira/browse/CAMEL-23769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrea Cosentino resolved CAMEL-23769.
--------------------------------------
    Resolution: Fixed

> camel-http-common: apply a configurable ObjectInputFilter when deserializing 
> Java objects
> -----------------------------------------------------------------------------------------
>
>                 Key: CAMEL-23769
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23769
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-http-common
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>             Fix For: 4.21.0
>
>
> HttpHelper.deserializeJavaObjectFromStream reads a Java-serialized object via 
> CamelObjectInputStream without an ObjectInputFilter. This is only reachable 
> behind the opt-in transferException/allowJavaSerializedObject options, but 
> the sibling camel-netty-http and camel-jms bindings apply an 
> ObjectInputFilter even on that opt-in path. This proposes aligning 
> camel-http-common with them by adding a configurable deserialization filter.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
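
The kind of filtering the issue describes, sketched with the JDK's own `ObjectInputStream` and `ObjectInputFilter` rather than `CamelObjectInputStream` (an added example, not Camel's code or the actual fix; the allowlist pattern, class names and sample payloads are assumptions constructed for the demo):

```java
import java.io.*;
import java.util.ArrayList;

public class FilteredDeserializeDemo {
    // Assumed allowlist for this demo, not a Camel default. The trailing "!*"
    // matters: without it, unmatched classes are UNDECIDED and still allowed.
    static final String PATTERN = "java.lang.*;java.util.*;maxdepth=10;maxarray=10000;!*";

    // Constructed sample payload: stands in for a serialized HTTP body.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize with a filter installed before the first readObject() call.
    static Object deserialize(InputStream in, String pattern)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(in)) {
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(pattern));
            return ois.readObject();
        }
    }

    // Constructed class that is outside the allowlist.
    static class NotAllowed implements Serializable {
        int x = 1;
    }

    public static void main(String[] args) throws Exception {
        ArrayList<String> ok = new ArrayList<>();
        ok.add("hello");
        // Allowed: java.util.ArrayList and java.lang.String match the pattern.
        System.out.println("accepted: "
                + deserialize(new ByteArrayInputStream(serialize(ok)), PATTERN));

        try {
            // Rejected before the object is instantiated.
            deserialize(new ByteArrayInputStream(serialize(new NotAllowed())), PATTERN);
            System.out.println("unexpected: object was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter runs on each class descriptor as the stream is read, so a rejected type fails with `InvalidClassException` before any of its fields are populated.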
