CVE-2023-34442: Apache Camel JIRA: Temporary file information disclosure in Camel-Jira

2023-07-07 Thread Andrea Cosentino
Severity: low

Affected versions:

- Apache Camel JIRA 3.x through <=3.14.8
- Apache Camel JIRA 3.18.x through <=3.18.7
- Apache Camel JIRA 3.20.x through <= 3.20.5
- Apache Camel JIRA 4.x through <= 4.0.0-M3

Description:

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in
Apache Software Foundation Apache Camel. This issue affects Apache Camel:
from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X
through <= 3.20.5, from 4.X through <= 4.0.0-M3.

Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0, and users on
Camel 4.x should update to 4.0.0-M1.

This issue is being tracked as CAMEL-19421

Credit:

This issue was discovered by Jonathan Leitschuh of the Open Source Security
Foundation: Project Alpha-Omega (reporter)

References:

https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-34442
https://issues.apache.org/jira/browse/CAMEL-19421
https://camel.apache.org/security/CVE-2023-34442.html


Re: [VOTE] Release Camel K Runtime 2.16.0

2023-07-07 Thread Nicolas Filotto
+1 (binding)

From: Pasquale Congiusti 
Sent: Tuesday, July 4, 2023 10:45
To: dev ; users@camel.apache.org 
Subject: [VOTE] Release Camel K Runtime 2.16.0

Hello,

This is a vote to release Camel K Runtime 2.16.0. This release mostly
contains the runtime artifacts required for Camel K version 2 to be
released independently. As the Camel K Runtime depends mostly on Camel
Quarkus, we've aligned the version to the same used in Camel Quarkus. From
now on we expect to release Camel K Runtime beside Camel Quarkus and have
an available runtime for Camel K as soon as the runtime is released.

Camel K Runtime source files:
https://dist.apache.org/repos/dist/dev/camel/camel-k-runtime/2.16.0/

Camel K Runtime staging repository:
https://repository.apache.org/content/repositories/orgapachecamel-1587

Camel K Runtime Tag:
https://github.com/apache/camel-k-runtime/releases/tag/camel-k-runtime-project-2.16.0

It's possible to test the staging artifacts by installing the latest Camel K
CLI (kamel) with the staging repository and run any Integration with the
new runtime (2.16.0):

kamel install --maven-repository=https://repository.apache.org/content/repositories/orgapachecamel-1587 --olm=false
...

kamel run Test.java -t camel.runtime-version=2.16.0


Please test this release candidate and cast your vote.

[ ] +1 Release Apache Camel K Runtime 2.16.0
[ ] -1 Veto the release (provide specific comments)

The vote is open for at least 72 hours.

I start the vote with my +1.

Thanks and regards,
Pasquale Congiusti



Re: [VOTE] Release Camel K Runtime 2.16.0

2023-07-07 Thread Zineb Bendhiba
+1 (binding)

On Tue, Jul 4, 2023 at 10:45, Pasquale Congiusti <
pasquale.congiu...@gmail.com> wrote:

> Hello,
>
> This is a vote to release Camel K Runtime 2.16.0. This release mostly
> contains the runtime artifacts required for Camel K version 2 to be
> released independently. As the Camel K Runtime depends mostly on Camel
> Quarkus, we've aligned the version to the same used in Camel Quarkus. From
> now on we expect to release Camel K Runtime beside Camel Quarkus and have
> an available runtime for Camel K as soon as the runtime is released.
>
> Camel K Runtime source files:
> https://dist.apache.org/repos/dist/dev/camel/camel-k-runtime/2.16.0/
>
> Camel K Runtime staging repository:
> https://repository.apache.org/content/repositories/orgapachecamel-1587
>
> Camel K Runtime Tag:
>
> https://github.com/apache/camel-k-runtime/releases/tag/camel-k-runtime-project-2.16.0
>
> It's possible to test the staging artifacts by installing the latest Camel K
> CLI (kamel) with the staging repository and run any Integration with the
> new runtime (2.16.0):
>
> kamel install --maven-repository=https://repository.apache.org/content/repositories/orgapachecamel-1587 --olm=false
> ...
>
> kamel run Test.java -t camel.runtime-version=2.16.0
>
>
> Please test this release candidate and cast your vote.
>
> [ ] +1 Release Apache Camel K Runtime 2.16.0
> [ ] -1 Veto the release (provide specific comments)
>
> The vote is open for at least 72 hours.
>
> I start the vote with my +1.
>
> Thanks and regards,
> Pasquale Congiusti
>


-- 
Zineb