Re: [VOTE] Release Apache Camel Kamelets 4.4.0

2024-02-19 Thread Claus Ibsen
+1 (binding)

On Mon, Feb 19, 2024 at 3:14 PM Andrea Cosentino wrote:

> Hello all,
>
> This is a vote for releasing camel-kamelets 4.4.0
>
> This is the first release of camel-kamelets supporting LTS Camel 4.4.0 and
> it contains many new Kamelets and a lot of fixes.
>
> Kamelets release files:
> https://dist.apache.org/repos/dist/dev/camel/camel-kamelets/4.4.0
> Kamelets staging repository:
> https://repository.apache.org/content/repositories/orgapachecamel-1681
> Kamelets Tag:
> https://github.com/apache/camel-kamelets/releases/tag/v4.4.0
>
> Please cast your vote.
>
> [ ] +1 Release camel-kamelets 4.4.0
> [ ] -1 Veto the release (provide specific comments)
>
> The vote is open for at least 72 hours.
>
> Here's my +1.
>
> Thanks,
> Andrea Cosentino
>


-- 
Claus Ibsen
-
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2


[VOTE] Release Apache Camel Kamelets 4.4.0

2024-02-19 Thread Andrea Cosentino
Hello all,

This is a vote for releasing camel-kamelets 4.4.0

This is the first release of camel-kamelets supporting LTS Camel 4.4.0 and
it contains many new Kamelets and a lot of fixes.

Kamelets release files:
https://dist.apache.org/repos/dist/dev/camel/camel-kamelets/4.4.0
Kamelets staging repository:
https://repository.apache.org/content/repositories/orgapachecamel-1681
Kamelets Tag:
https://github.com/apache/camel-kamelets/releases/tag/v4.4.0

Please cast your vote.

[ ] +1 Release camel-kamelets 4.4.0
[ ] -1 Veto the release (provide specific comments)

The vote is open for at least 72 hours.

Here's my +1.

Thanks,
Andrea Cosentino


https://camel.apache.org/security/CVE-2024-23114.html: CVE-2024-23114: Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository

2024-02-19 Thread Andrea Cosentino
Severity: important

Affected versions:

- Apache Camel 3.0.0 before 3.21.4
- Apache Camel 3.22.0 before 3.22.1
- Apache Camel 4.0.0 before 4.0.4
- Apache Camel 4.1.0 before 4.4.0

Description:

Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL 
Component AggregationRepository which is vulnerable to unsafe deserialization. 
Under specific conditions it is possible to deserialize malicious payload. This 
issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 
3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If 
users are on the 4.0.x LTS releases stream, then they are suggested to upgrade 
to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1.

This issue is being tracked as CAMEL-20306 

Credit:

Federico Mariani from Apache Software Foundation (finder)
Andrea Cosentino from Apache Software Foundation (finder)

References:

https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-23114
https://issues.apache.org/jira/browse/CAMEL-20306



https://camel.apache.org/security/CVE-2024-22369.html: CVE-2024-22369: Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository

2024-02-19 Thread Andrea Cosentino
Severity: important

Affected versions:

- Apache Camel 3.0.0 before 3.21.4
- Apache Camel 3.22.0 before 3.22.1
- Apache Camel 4.0.0 before 4.0.4
- Apache Camel 4.1.0 before 4.4.0

Description:

Deserialization of Untrusted Data vulnerability in Apache Camel SQL 
Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 
before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0.

Users are recommended to upgrade to version 4.4.0, which fixes the issue. If 
users are on the 4.0.x LTS releases stream, then they are suggested to upgrade 
to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1.

This issue is being tracked as CAMEL-20303 

Credit:

Ziyang Chen from HuaWei Open Source Management Center (finder)
Pingtao Wei from HuaWei Open Source Management Center (finder)
Haoran Zhi from HuaWei Open Source Management Center (finder)

References:

https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-22369
https://issues.apache.org/jira/browse/CAMEL-20303
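
As an added example (not part of the advisories or of the Camel project's code), the following Python script checks Maven `dependency:tree` output against the affected ranges listed in the two advisories above. The artifact IDs `camel-sql` and `camel-cassandraql`, the function names and the sample input are assumptions made for illustration.

```python
import re

# Affected ranges as listed in both advisories: (first affected, first fixed)
AFFECTED = [
    ((3, 0, 0), (3, 21, 4)),
    ((3, 22, 0), (3, 22, 1)),
    ((4, 0, 0), (4, 0, 4)),
    ((4, 1, 0), (4, 4, 0)),
]
# Assumption: Maven artifactIds of the components named in the advisories.
ARTIFACT_CVE = {"camel-cassandraql": "CVE-2024-23114", "camel-sql": "CVE-2024-22369"}
# Matches dependency:tree coordinates: group:artifact:type:version[:scope]
COORD = re.compile(r"org\.apache\.camel[\w.]*:([\w.-]+):[\w-]+:([^:\s]+)")

def parse_version(text):
    """Return the leading major.minor.patch as a tuple, ignoring qualifiers."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(p or 0) for p in m.groups()) if m else None

def fixed_version(version):
    """Return the first fixed release of the range containing version, else None."""
    for start, fixed in AFFECTED:
        if start <= version < fixed:
            return ".".join(map(str, fixed))
    return None

def audit(tree_output):
    """Return (artifact, version, cve, upgrade_to) for each affected dependency."""
    findings = []
    for line in tree_output.splitlines():
        m = COORD.search(line)
        cve = ARTIFACT_CVE.get(m.group(1)) if m else None
        version = parse_version(m.group(2)) if cve else None
        fix = fixed_version(version) if version else None
        if fix:
            findings.append((m.group(1), m.group(2), cve, fix))
    return findings

# Constructed sample input, not taken from a real build.
SAMPLE = """\
[INFO] +- org.apache.camel:camel-sql:jar:4.3.0:compile
[INFO] +- org.apache.camel:camel-cassandraql:jar:3.21.4:compile
[INFO] +- org.apache.camel:camel-core:jar:4.3.0:compile
[INFO] \\- org.apache.camel:camel-sql:jar:3.22.0:test
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s %s is affected by %s, upgrade to %s" % finding)
```

Version qualifiers such as `-SNAPSHOT` are ignored by the comparison, so pre-release builds of a fixed version are reported as unaffected and need a manual check.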



What happened to HTTP component OAuth support?

2024-02-19 Thread Mikael Andersson Wigander
Hi

As of release 4.2 there’s support for OAuth in the http component but nowhere 
to be found on how to use it.

CAMEL-18637

All I can find is an OAuth2ClientConfigurer class.

/M

Re: Issue with SpringBootTest and camel-rest

2024-02-19 Thread Alphonse Bendt
Hi Federico,

Thanks, that was the missing part!
Thanks to both of you for the support 

For reference:
The rest component can be re-configured to use the same context path as 
previously the camel-servlet:

restConfiguration()
    .contextPath("/my-api");

With this I don’t need other changes to my routes.

Alphonse

> On 19.02.2024 at 10:22, Federico Mariani wrote:
> 
> Hello, I am getting 404 on the standalone example.
> 
> Beware that OOB camel-servlet and camel-platform-http use different
> endpoints, camel-servlet */came/** while camel-platform-http */**
> 
> On Sun, 18 Feb 2024 at 15:09, Alphonse Bendt <
> alphonse.be...@gmail.com> wrote:
> 
>> Hi folks,
>> 
>> There is an issue when running tests for a SpringBoot application that
>> uses camel-rest.
>> 
>> When there are multiple tests that use a different configuration (e.g.,
>> different properties), we run into this error:
>> 
>> Caused by:
>>jakarta.servlet.ServletException: Duplicate
>> ServletName detected: CamelServlet. Existing:
>> CamelHttpTransportServlet[name=CamelServlet] This:
>> CamelHttpTransportServlet[name=CamelServlet]. Its advised to use unique
>> ServletName per Camel application.
>>at
>> app//org.apache.camel.component.servlet.CamelHttpTransportServlet.init(CamelHttpTransportServlet.java:68)
>> 
>> 
>> I have created a standalone example to demonstrate the issue:
>> https://github.com/abendt/camel-rest
>> 
>> To reproduce:
>> ./gradlew -i test
>> 
>> The project contains two tests with different configurations (one has an
>> additional active profile).
>> I would expect the build to pass; however, it fails with the mentioned
>> exception.
>> 
>> As a workaround, it's possible to add @DirtiesContext. However, this hurts
>> test performance and should be avoided if possible.
>> 
>> Am I missing something or is this a current limitation of camel-rest?
>> 
>> thanks,
>>   Alphonse



Re: Issue with SpringBootTest and camel-rest

2024-02-19 Thread Federico Mariani
Hello, I am getting 404 on the standalone example.

Beware that OOB camel-servlet and camel-platform-http use different
endpoints, camel-servlet */came/** while camel-platform-http */**

On Sun, 18 Feb 2024 at 15:09, Alphonse Bendt <
alphonse.be...@gmail.com> wrote:

> Hi folks,
>
> There is an issue when running tests for a SpringBoot application that
> uses camel-rest.
>
> When there are multiple tests that use a different configuration (e.g.,
> different properties), we run into this error:
>
>  Caused by:
> jakarta.servlet.ServletException: Duplicate
> ServletName detected: CamelServlet. Existing:
> CamelHttpTransportServlet[name=CamelServlet] This:
> CamelHttpTransportServlet[name=CamelServlet]. Its advised to use unique
> ServletName per Camel application.
> at
> app//org.apache.camel.component.servlet.CamelHttpTransportServlet.init(CamelHttpTransportServlet.java:68)
>
>
> I have created a standalone example to demonstrate the issue:
> https://github.com/abendt/camel-rest
>
> To reproduce:
> ./gradlew -i test
>
> The project contains two tests with different configurations (one has an
> additional active profile).
> I would expect the build to pass; however, it fails with the mentioned
> exception.
>
> As a workaround, it's possible to add @DirtiesContext. However, this hurts
> test performance and should be avoided if possible.
>
> Am I missing something or is this a current limitation of camel-rest?
>
> thanks,
>Alphonse