Google Git
Sign in
apache / camel-website / HEAD / . / content / security / CVE-2020-11972.txt.asc
blob: 4c4efb8e6fb59228a1a6ef7db2c05a4205f9d234 [file] [log] [blame]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2020-11972: Apache Camel RabbitMQ enables Java deserialization by default
Severity: MEDIUM
Vendor: The Apache Software Foundation
Versions Affected: Camel 2.25.0, Camel 3.0.0 to 3.1.0. The unsupported Camel 2.x (2.24 and earlier) versions may be also affected.
Description: Apache Camel RabbitMQ enables Java deserialization by default
Mitigation: 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0 The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-14711 refers to the various commits that resovoled the issue, and have more details.
Credit: This issue was discovered by Colm O. HEigeartaigh <coheigea at apache dot org> from Apache Software Foundation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJevUQmAAoJEONOnzgC/0EAoUEH/3gQSJ+agSsG/NujZ2xffXRw
YvfSHRzlWKKailRrTA0M7400YcLcY0vWJm+7lq2IBxCwQ+YXV5sn5k9IbztCaXi+
NkfuScPghlCk6ysYW4ipkNQKHjCkT2IRDHH460vfBNlD07P2wlnF+Wd9DnE5ssBv
lKt0sbfUwd8Wd6DGt6IfR42f/yNtBRC9B/JLIY5Ch2InptI3kB3xKjOzw/VvL69L
nJfu9L/oGX8UbOy3xLrQUp9MfNK5ymtiOW/xKVJbW6icoU3qopz0uQk3oIo5HRvi
34fhmRBJ8fSguS3xC2VWBuQKCy765EaCB0X95vesM8/9TNTKmdr71AjKrye0i3o=
=+Dlv
-----END PGP SIGNATURE-----