content/security/CVE-2020-11973.md

title: “Apache Camel Security Advisory - CVE-2020-11973” date: 2020-05-14T14:47:42+02:00 url: /security/CVE-2020-11973.html draft: false type: security-advisory cve: CVE-2020-11973 severity: MEDIUM summary: “Apache Camel Netty enables Java deserialization by default” description: “Apache Camel Netty enables Java deserialization by default” mitigation: “2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0” credit: “This issue was discovered by Colm O. HEigeartaigh from Apache Software Foundation” affected: 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 fixed: 2.25.1, 3.2.0

The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-14477 refers to the various commits that resovoled the issue, and have more details.