[ https://issues.apache.org/jira/browse/CAMEL-23769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrea Cosentino updated CAMEL-23769:
-------------------------------------
Fix Version/s: 4.18.3, 4.22.0, 4.14.8 (was: 4.21.0)
> camel-http-common: apply a configurable ObjectInputFilter when deserializing
> Java objects
> -----------------------------------------------------------------------------------------
>
> Key: CAMEL-23769
> URL: https://issues.apache.org/jira/browse/CAMEL-23769
> Project: Camel
> Issue Type: Improvement
> Components: camel-http-common
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Major
> Fix For: 4.14.8, 4.18.3, 4.22.0
>
>
> HttpHelper.deserializeJavaObjectFromStream reads a Java-serialized object via
> CamelObjectInputStream without an ObjectInputFilter. This is only reachable
> behind the opt-in transferException/allowJavaSerializedObject options, but
> the sibling camel-netty-http and camel-jms bindings apply an
> ObjectInputFilter even on that opt-in path. This proposes aligning
> camel-http-common with them by adding a configurable deserialization filter.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
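
The kind of filtering the issue describes, as an added example that is not Camel's code and not part of the original message: a plain `java.io.ObjectInputStream` (standing in for CamelObjectInputStream) with a JDK `ObjectInputFilter` built from a configurable pattern string. The class name, the `DEFAULT_PATTERN` value and the `NotAllowed` type are assumptions made for illustration.

```java
import java.io.*;

public class FilteredDeserializationExample {

    // Hypothetical default pattern (an assumption, not Camel's): allow java.lang and
    // java.util types, bound graph depth and array size, reject every other class.
    static final String DEFAULT_PATTERN = "maxdepth=20;maxarray=10000;java.lang.*;java.util.*;!*";

    // Deserialize with a filter created from a configurable pattern string.
    static Object deserialize(byte[] data, String pattern) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(pattern);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(filter); // must be set before the first readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Constructed sample type standing in for any class outside the allowlist.
    static class NotAllowed implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    public static void main(String[] args) throws Exception {
        // A java.lang exception, as a transferred exception would be, passes the filter.
        Object ok = deserialize(serialize(new IllegalStateException("remote failure")), DEFAULT_PATTERN);
        System.out.println("accepted: " + ok.getClass().getName());

        // A class that matches no allow pattern is rejected before it is instantiated.
        try {
            deserialize(serialize(new NotAllowed()), DEFAULT_PATTERN);
            System.out.println("unexpected: class outside the allowlist was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The filter runs on each class descriptor as the stream is read, so a rejected type fails with `InvalidClassException` before any of its `readObject` logic executes.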