| -----BEGIN PGP SIGNED MESSAGE----- |
| Hash: SHA1 |
| |
| CVE-2020-11972: Apache Camel RabbitMQ enables Java deserialization by default |
| |
| Severity: MEDIUM |
| |
| Vendor: The Apache Software Foundation |
| |
| Versions Affected: Camel 2.25.0, Camel 3.0.0 to 3.1.0. The unsupported Camel 2.x (2.24 and earlier) versions may be also affected. |
| |
| Description: Apache Camel RabbitMQ enables Java deserialization by default |
| |
| Mitigation: 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0 The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-14711 refers to the various commits that resovoled the issue, and have more details. |
| |
| Credit: This issue was discovered by Colm O. HEigeartaigh <coheigea at apache dot org> from Apache Software Foundation |
| -----BEGIN PGP SIGNATURE----- |
| Version: GnuPG v2.0.22 (GNU/Linux) |
| |
| iQEcBAEBAgAGBQJevUQmAAoJEONOnzgC/0EAoUEH/3gQSJ+agSsG/NujZ2xffXRw |
| YvfSHRzlWKKailRrTA0M7400YcLcY0vWJm+7lq2IBxCwQ+YXV5sn5k9IbztCaXi+ |
| NkfuScPghlCk6ysYW4ipkNQKHjCkT2IRDHH460vfBNlD07P2wlnF+Wd9DnE5ssBv |
| lKt0sbfUwd8Wd6DGt6IfR42f/yNtBRC9B/JLIY5Ch2InptI3kB3xKjOzw/VvL69L |
| nJfu9L/oGX8UbOy3xLrQUp9MfNK5ymtiOW/xKVJbW6icoU3qopz0uQk3oIo5HRvi |
| 34fhmRBJ8fSguS3xC2VWBuQKCy765EaCB0X95vesM8/9TNTKmdr71AjKrye0i3o= |
| =+Dlv |
| -----END PGP SIGNATURE----- |