Hi Karel,
Normally we talk about this kind of issue in the private mailing list[1].
As you already provide a fix for it, you can send a PR [2] with the fix as
the contribution document[3] suggested. I'd happy to apply it into
camel-core.
I'm not sure how did you deploy the camel application.
Dear All,
we are using XSD validation processor by camel-core library
...
.to("validator:classpath:xsd/exportenv70.xsd")
...
Our penetration tests found that application can be attacked by "XML
External Entity (XXE)"