Hi Zheng: We are using Netty for TCP socket connections, not for http.
Thanks Ravi -----Original Message----- From: Zheng Feng <zf...@redhat.com> Sent: Monday, January 11, 2021 9:06 AM To: users@camel.apache.org Subject: Re: Camel-Netty Security Vulnerability (CWE-295/BDSA-2018-4022) - Hostname verification It looks like we had resolved the similar issue in https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FCAMEL-14070&data=04%7C01%7CRavi.Sunchu%40sas.com%7C925ebadd5f194c8225f308d8b63a05d8%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C637459708147816844%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=fhYTMt%2FtXEWmPuTopG8v0A%2BDuwuX68L8zRxAvA7tRQw%3D&reserved=0 to support SNI. So IMO, the camel-netty-http will not be affected by this vulnerability.
