camel-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r979013 [3/4] - in /websites/production/camel/content: ./ cache/ ignite.data/ index.userimage/ news.userimage/ security-advisories.data/
Date Sat, 30 Jan 2016 06:30:37 GMT
Modified: websites/production/camel/content/mime-multipart.html
==============================================================================
--- websites/production/camel/content/mime-multipart.html (original)
+++ websites/production/camel/content/mime-multipart.html Sat Jan 30 06:30:37 2016
@@ -85,16 +85,16 @@
 	<tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><p><strong>Available as of Camel
2.17</strong></p><p>This data format that can convert a Camel message with
attachments into a Camel message having a MIME-Multipart message as message body (and no attachments).</p><p>The
use case for this is to enable the user to send attachments over endpoints that do not directly
support attachments, either as special protocol implementation (e.g. send a MIME-multipart
over an HTTP endpoint) or as a kind of tunneling solution (e.g. because camel-jms does not
support attachments but by marshalling the message with attachments into a MIME-Multipart,
sending that to a JMS queue, receiving the message from the JMS queue and unmarshalling it
again (into a message body with attachments).</p><p>The marshal option of the
mime-multipart data format will convert a message with attachments into a MIME-Multipart message.
If the parameter "multipartWithoutAttachment" is set to true it will also marshal messages
without att
 achments into a multipart message with a single part, if the parameter is set to false it
will leave the message alone.</p><p>MIME headers of the mulitpart as "MIME-Version"
and "Content-Type" are set as camel headers to the message. If the parameter "headersInline"
is set to true it will also create a MIME multipart message in any case. <br clear="none">Furthermore
the MIME headers of the multipart are written as part of the message body, not as camel headers.</p><p>The
unmarshal option of the mime-multipart data format will convert a MIME-Multipart message into
a camel message with attachments and leaves other messages alone. MIME-Headers of the MIME-Multipart
message have to be set as Camel headers. The unmarshalling will only take place if the "Content-Type"
header is set to a "multipart" type. If the option "headersInline" is set to true, the body
is always parsed as a MIME message. Messages that are actually not MIME messages with MIME
headers in the message body&#160;will be 
 parsed into empty messages.</p><h3 id="MIME-Multipart-Options">Options</h3><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh">Option</th><th colspan="1" rowspan="1" class="confluenceTh">Default</th><th
colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">multipartWithoutAttachment</td><td
colspan="1" rowspan="1" class="confluenceTd">false</td><td colspan="1" rowspan="1"
class="confluenceTd">If set to true the marshal operation will create a multipart (with
a single part) if the message does not contain any attachments. If this is set to false it
will leave messages without attachments alone.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">headersInline</td><td colspan="1" rowspan="1"
class="confluenceTd">false</td><td colspan="1" rowspan="1" class="confluenceTd"><p>If
set to true the marshal operation will add the MIME headers of the Multipa
 rt as part of the message body and not as a camel header. In case of a unmarshal operations
the MIME headers are assumed to be contained in the message body and the operation will always
parse the message as MIME message.</p><p>Note: Any message is a valid MIME message,
so the unmarshal operation with this parameter set to true will never result in an error but
will return an empty message (as anything outside the MIME boundary is considered to be a
comment).</p><p>Note: If the headersInline parameter is set to "true", the message
will also always be rendered into a MIME multipart regardless whether it has an attachment
or not.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">binaryContent</td><td
colspan="1" rowspan="1" class="confluenceTd">false</td><td colspan="1" rowspan="1"
class="confluenceTd">If set to true non-text content will be transferred in binary mode,
if set to false (default) binary content will be transferred in base64 encoding. This is shorter
but 
 might not work for all transfer methods.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">multipartSubType</td><td colspan="1" rowspan="1"
class="confluenceTd">mixed</td><td colspan="1" rowspan="1" class="confluenceTd">The
subtype of the generated MIME multipart. Other options are related, alternative, digest, or
parallel. The data type does not enforce any semantics for these subtypes (so e.g. the user
has to make sure that the first body part of a multipart/digest message is proper message/rfc822
data). The default mixed is usually a good choice.</td></tr></tbody></table></div><h3
id="MIME-Multipart-MessageHeaders(marshal)">Message Headers (marshal)</h3><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh">Name</th><th colspan="1" rowspan="1" class="confluenceTh">Type</th><th
colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">Message-Id</td>
 <td colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1"
rowspan="1" class="confluenceTd">The marshal operation will set this parameter to the generated
MIME message id if the "headersInline" parameter is set to false.</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">MIME-Version</td><td colspan="1"
rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">The
marshal operation will set this parameter to the applied MIME version (1.0) if the "headersInline"
parameter is set to false.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">Content-Type</td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">The content of this header will be used as a content type for the
message body part. If no content type is set, "application/octet-stream" is assumed. After
the marshal operation the content type is set to "multipart/related" or empty if the "headersInl
 ine" parameter is set to true.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">Content-Encoding</td><td colspan="1" rowspan="1" class="confluenceTd">String</td><td
colspan="1" rowspan="1" class="confluenceTd">If the incoming content type is "text/*" the
content encoding will be set to the encoding parameter of the Content-Type MIME header of
the body part. Furthermore the given charset is applied for text to binary conversions.</td></tr></tbody></table></div><h3
id="MIME-Multipart-MessageHeaders(unmarshal)">Message Headers (unmarshal)</h3><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh">Name</th><th colspan="1" rowspan="1" class="confluenceTh">Type</th><th
colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">Content-Type</td><td colspan="1"
rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;I
 f this header is not set to "multipart/*" the unmarshal operation will not do anything. In
other cases the multipart will be parsed into a camel message with attachments and the header
is set to the Content-Type header of the body part, except if this is application/octet-stream.
In the latter case the header is removed.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">Content-Encoding</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">If
the content-type of the body part contains an encoding parameter this header will be set to
the value of this encoding parameter (converted from MIME endoding descriptor to Java encoding
descriptor)</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">MIME-Version</td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">The unmarshal operation will read this header and use it for parsing
the MIME multipart. The
  header is removed afterwards</td></tr></tbody></table></div><h3
id="MIME-Multipart-Examples">Examples</h3><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<div class="wiki-content maincontent"><p><strong>Available as of Camel
2.17</strong></p><p>This data format that can convert a Camel message with
attachments into a Camel message having a MIME-Multipart message as message body (and no attachments).</p><p>The
use case for this is to enable the user to send attachments over endpoints that do not directly
support attachments, either as special protocol implementation (e.g. send a MIME-multipart
over an HTTP endpoint) or as a kind of tunneling solution (e.g. because camel-jms does not
support attachments but by marshalling the message with attachments into a MIME-Multipart,
sending that to a JMS queue, receiving the message from the JMS queue and unmarshalling it
again (into a message body with attachments).</p><p>The marshal option of the
mime-multipart data format will convert a message with attachments into a MIME-Multipart message.
If the parameter "multipartWithoutAttachment" is set to true it will also marshal messages
without att
 achments into a multipart message with a single part, if the parameter is set to false it
will leave the message alone.</p><p>MIME headers of the mulitpart as "MIME-Version"
and "Content-Type" are set as camel headers to the message. If the parameter "headersInline"
is set to true it will also create a MIME multipart message in any case. <br clear="none">Furthermore
the MIME headers of the multipart are written as part of the message body, not as camel headers.</p><p>The
unmarshal option of the mime-multipart data format will convert a MIME-Multipart message into
a camel message with attachments and leaves other messages alone. MIME-Headers of the MIME-Multipart
message have to be set as Camel headers. The unmarshalling will only take place if the "Content-Type"
header is set to a "multipart" type. If the option "headersInline" is set to true, the body
is always parsed as a MIME message. Messages that are actually not MIME messages with MIME
headers in the message body&#160;will be 
 parsed into empty messages.</p><h3 id="MIME-Multipart-Options">Options</h3><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh">Option</th><th colspan="1" rowspan="1" class="confluenceTh">Default</th><th
colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">multipartWithoutAttachment</td><td
colspan="1" rowspan="1" class="confluenceTd">false</td><td colspan="1" rowspan="1"
class="confluenceTd">If set to true the marshal operation will create a multipart (with
a single part) if the message does not contain any attachments. If this is set to false it
will leave messages without attachments alone.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">headersInline</td><td colspan="1" rowspan="1"
class="confluenceTd">false</td><td colspan="1" rowspan="1" class="confluenceTd"><p>If
set to true the marshal operation will add the MIME headers of the Multipa
 rt as part of the message body and not as a camel header. In case of a unmarshal operations
the MIME headers are assumed to be contained in the message body and the operation will always
parse the message as MIME message.</p><p>Note: Any message is a valid MIME message,
so the unmarshal operation with this parameter set to true will never result in an error but
will return an empty message (as anything outside the MIME boundary is considered to be a
comment).</p><p>Note: If the headersInline parameter is set to "true", the message
will also always be rendered into a MIME multipart regardless whether it has an attachment
or not.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>includeHeaders&#160;</p></td><td
colspan="1" rowspan="1" class="confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><p>A regex that defines which Camel headers are also included
as MIME headers into the MIME multipart. This will only work if headersInline is set to true.<
 br clear="none">Default is to include no Camel headers.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">binaryContent</td><td colspan="1"
rowspan="1" class="confluenceTd">false</td><td colspan="1" rowspan="1" class="confluenceTd">If
set to true non-text content will be transferred in binary mode, if set to false (default)
binary content will be transferred in base64 encoding. This is shorter but might not work
for all transfer methods.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">multipartSubType</td><td
colspan="1" rowspan="1" class="confluenceTd">mixed</td><td colspan="1" rowspan="1"
class="confluenceTd">The subtype of the generated MIME multipart. Other options are related,
alternative, digest, or parallel. The data type does not enforce any semantics for these subtypes
(so e.g. the user has to make sure that the first body part of a multipart/digest message
is proper message/rfc822 data). The default mixed is usually a good choice.</td></tr></t
 body></table></div><h3 id="MIME-Multipart-MessageHeaders(marshal)">Message
Headers (marshal)</h3><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th
colspan="1" rowspan="1" class="confluenceTh">Name</th><th colspan="1" rowspan="1"
class="confluenceTh">Type</th><th colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">Message-Id</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">The
marshal operation will set this parameter to the generated MIME message id if the "headersInline"
parameter is set to false.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">MIME-Version</td><td
colspan="1" rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">The marshal operation will set this parameter to the applied MIME
version (1.0) if the "headersInline" parameter is set to false.</td></tr><tr><td
colspan
 ="1" rowspan="1" class="confluenceTd">Content-Type</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">The
content of this header will be used as a content type for the message body part. If no content
type is set, "application/octet-stream" is assumed. After the marshal operation the content
type is set to "multipart/related" or empty if the "headersInline" parameter is set to true.</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">Content-Encoding</td><td colspan="1"
rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">If
the incoming content type is "text/*" the content encoding will be set to the encoding parameter
of the Content-Type MIME header of the body part. Furthermore the given charset is applied
for text to binary conversions.</td></tr></tbody></table></div><h3
id="MIME-Multipart-MessageHeaders(unmarshal)">Message Headers (unmarshal)</h3><div
class="table-wra
 p"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh">Name</th><th colspan="1" rowspan="1" class="confluenceTh">Type</th><th
colspan="1" rowspan="1" class="confluenceTh">Description</th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd">Content-Type</td><td colspan="1"
rowspan="1" class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">&#160;If
this header is not set to "multipart/*" the unmarshal operation will not do anything. In other
cases the multipart will be parsed into a camel message with attachments and the header is
set to the Content-Type header of the body part, except if this is application/octet-stream.
In the latter case the header is removed.</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">Content-Encoding</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">If
the content-type of the body part contains an encoding paramet
 er this header will be set to the value of this encoding parameter (converted from MIME endoding
descriptor to Java encoding descriptor)</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">MIME-Version</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1" class="confluenceTd">The
unmarshal operation will read this header and use it for parsing the MIME multipart. The header
is removed afterwards</td></tr></tbody></table></div><h3
id="MIME-Multipart-Examples">Examples</h3><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[from(...).marshal().mimeMultipart()
 
 ]]></script>
-</div></div><p><span style="line-height: 1.42857;">With a message
where no Content-Type header is set, will create a Message with the following message headers:</span></p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+</div></div><p><span style="line-height: 1.42857;">With a message
where no Content-Type header is set, will create a Message with the following message Camel
headers:</span></p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Camel Message
Headers</b></div><div class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[Content-Type=multipart/mixed;
\n boundary=&quot;----=_Part_0_14180567.1447658227051&quot;
 Message-Id=&lt;...&gt;
-MIME-Version=1.0
-The message body will be:
-------=_Part_0_14180567.1447658227051
+MIME-Version=1.0]]></script>
+</div></div><pre>The message body will be:</pre><div class="code
panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width:
1px;"><b>Camel Message Body</b></div><div class="codeContent panelContent
pdl">
+<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[------=_Part_0_14180567.1447658227051
 Content-Type: application/octet-stream
 Content-Transfer-Encoding: base64
 Qm9keSB0ZXh0
@@ -105,20 +105,26 @@ Content-Disposition: attachment; filenam
 AAECAwQFBgc=
 ------=_Part_0_14180567.1447658227051--]]></script>
 </div></div><p><br clear="none">A message with the header Content-Type
set to "text/plain" sent to the route</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
-<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[from(...).marshal().mimeMultipart(&quot;related&quot;,
true, true, true)]]></script>
-</div></div><p><br clear="none">will create a message without any
specific MIME headers set as Camel headers (the Content-Type header is removed from the message)
and the following message body:</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[from(&quot;...&quot;).marshal().mimeMultipart(&quot;related&quot;,
true, true, &quot;(included|x-.*)&quot;, true);]]></script>
+</div></div><p>will create a message without any specific MIME headers
set as Camel headers (the Content-Type header is removed from the Camel message) and the following
message body that includes also all headers of the original message starting with "x-" and
the header with name "included":</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Camel
Message Body</b></div><div class="codeContent panelContent pdl">
 <script class="brush: java; gutter: false; theme: Default" type="syntaxhighlighter"><![CDATA[Message-ID:
&lt;...&gt;
 MIME-Version: 1.0
 Content-Type: multipart/related; 
-boundary=&quot;----=_Part_0_1134128170.1447659361365&quot;
+	boundary=&quot;----=_Part_0_1134128170.1447659361365&quot;
+x-bar: also there
+included: must be included
+x-foo: any value
+ 
 ------=_Part_0_1134128170.1447659361365
 Content-Type: text/plain
 Content-Transfer-Encoding: 8bit
+
 Body text
 ------=_Part_0_1134128170.1447659361365
 Content-Type: application/binary
 Content-Transfer-Encoding: binary
 Content-Disposition: attachment; filename=&quot;Attachment File Name&quot;
+
 [binary content]
 ------=_Part_0_1134128170.1447659361365]]></script>
 </div></div><h3 id="MIME-Multipart-Dependencies"><br clear="none">Dependencies</h3><p>To
use MIME-Multipart in your Camel routes you need to add a dependency on <strong>camel-mail</strong>
which implements this data format.</p><p>If you use Maven you can just add the
following to your pom.xml:</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeContent panelContent pdl">

Modified: websites/production/camel/content/news.userimage/user-avatar
==============================================================================
Binary files - no diff available.

Added: websites/production/camel/content/security-advisories.data/CVE-2015-5344.txt.asc
==============================================================================
--- websites/production/camel/content/security-advisories.data/CVE-2015-5344.txt.asc (added)
+++ websites/production/camel/content/security-advisories.data/CVE-2015-5344.txt.asc Sat Jan
30 06:30:37 2016
@@ -0,0 +1,52 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================
+
+CVE-2015-5344: Apache Camel's XStream usage is vulnerable
+to Remote Code Execution attacks
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Camel 2.15.0 to 2.15.4, Camel 2.16.0
+The unsupported Camel 2.x (2.14 and earlier) versions may be also affected.
+
+Description: Apache Camel's camel-xstream component is vulnerable to Java object
+de-serialisation vulnerability. Such as de-serializing untrusted data can lead
+to security flaws as demonstrated in various similar reports about Java de-serialization
issues.
+
+Mitigation: 2.15.x users should upgrade to 2.15.5, 2.16.0 users should
+upgrade to 2.16.1. And if you are using camel-xstream to serialize payload to Java objects,
+then you need to explicitly list trusted packages. 
+
+To see how to do that, please take a look at: http://camel.apache.org/xstream
+
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-9297
+refers to the various commits that resovoled the issue, and have more details.
+
+Credit: This issue was discovered by Christian Schneider.
+
+A related xstream de-serialization vulnerability was recently reported for Apache ActiveMQ:
+http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2
+
+
+=============================================
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - https://gpgtools.org
+
+iQIcBAEBCgAGBQJWqyUtAAoJEN1wUKdrQA9p+ooP+wRwqVaLWcCpVNur91oJY7Ez
+w0x+Rl/tNsGX6U/1Mow/iJSYPSvaDhjrfCUgwLYlhLp3MDvkYE5C9e2nBkQU1Jjl
+REo2R0t8NmOARqF9pvZIDKj0F2/JViaOB/gT3ENZSDbroX1T78jr4kL6Ro48VrVj
+4WyAdTgRR73t/2e/R8S+H+ObjkzCYvdcRI7swXdlrJhDy93t08ebf69UpxL5Zdr2
+Dk/yavsYqYDGObAVCgdkAMiMayNeEjPbb+dD4DnohTs5egXkCfc0Dqg1/l/NdTK9
+ONTlGeFyNNLCAoyNd8iJZPR0mwi/juAfVA2zqabnMoZvosM6YwXqjzg8/5OLbaiZ
+765Dr7wP+zgUmB0y7AR+LMqjCvaw2jprOo17jtjMEBOAojaWWEJTl3ZBTdLYDAKE
+qfpbwPLcY+sBdBO93LM6g92kQ3AFnH3Gcc3J1dKvQuI2NEd/0EfKWGCCAMXXaHg/
+9hJjtWgCuzIXqHXptcu5CzfU0QPyNd30+3HpgEYR2XavUi4RVm+FvqPZh6b67ZHX
+X7GsRGkLcSFbDFtSAhLYKTp0P50AKo7l2W16ZZFJi0v7c9cZ7J1UbyjQxa67gfR4
+yH23PYKU3Bh7U1gZiqDVRw8jXjAuc5WLH/fJg4e0Vrlhxa2W8qcykSu745T9b7+9
+Hu/gcBdRJG8ZWo9XzSsH
+=zUaO
+-----END PGP SIGNATURE-----

Modified: websites/production/camel/content/security-advisories.html
==============================================================================
--- websites/production/camel/content/security-advisories.html (original)
+++ websites/production/camel/content/security-advisories.html Sat Jan 30 06:30:37 2016
@@ -75,7 +75,7 @@
 	<tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2015-5348.txt.asc?version=1&amp;modificationDate=1450340845000&amp;api=v2"
data-linked-resource-id="61333112" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-5348.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="34833933" data-linked-resource-container-version="8">CVE-2015-5348</a>
- Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability.</li><li><a
shape="rect" href="security-advisories.data/CVE-2015-0264.txt.asc?version=1&amp;modificationDate=1426539191000&amp;api=v2"
data-linked-resource-id="54165590" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-0264.txt.asc" data-nice-type="Text File" data-linked-
 resource-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="8">CVE-2015-0264</a>
- The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects
allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration.
The XML External Entity (XXE) will be resolved before the Exception is thrown.</li><li><a
shape="rect" href="security-advisories.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178000&amp;api=v2"
data-linked-resource-id="54165589" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-0263.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="34833933" data-linked-resource-container-version="8">CVE-2015-0263</a>
- The XML converter setup in Apache Camel allows remote attackers to read arbitrary files
via an SAXSource 
 containing an XML External Entity (XXE) declaration.</li></ul><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2014-0003.txt.asc?version=1&amp;modificationDate=1393615582000&amp;api=v2"
data-linked-resource-id="40009835" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0003.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="34833933" data-linked-resource-container-version="8">CVE-2014-0003</a>
- The Apache Camel XSLT component allows XSL stylesheets to perform calls to external Java
methods.</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0002.txt.asc?version=1&amp;modificationDate=1393615569000&amp;api=v2"
data-linked-resource-id="40009834" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0002.txt.asc" data-nice-typ
 e="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933"
data-linked-resource-container-version="8">CVE-2014-0002</a> - The Apache Camel XSLT
component will resolve entities in XML messages when transforming them using an xslt route.</li></ul><h3
id="SecurityAdvisories-2013">2013</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2013-4330.txt.asc?version=1&amp;modificationDate=1380633919000&amp;api=v2"
data-linked-resource-id="35192841" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2013-4330.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="34833933" data-linked-resource-container-version="8">CVE-2013-4330</a>
- Writing files using FILE or FTP components, can potentially be exploited by a malicious
user.</li></ul><p>&#160;</p></div>
+<div class="wiki-content maincontent"><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2015-5344.txt.asc?version=1&amp;modificationDate=1454056803000&amp;api=v2"
data-linked-resource-id="61338184" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-5344.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="34833933" data-linked-resource-container-version="9">CVE-2015-5344</a>&#160;-&#160;Apache
Camel's XStream usage is vulnerable&#160;to Remote Code Execution attacks.</li><li><a
shape="rect" href="security-advisories.data/CVE-2015-5348.txt.asc?version=1&amp;modificationDate=1450340845000&amp;api=v2"
data-linked-resource-id="61333112" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-5348.txt.asc" data-nice-type="Text File" data-linked-reso
 urce-content-type="text/plain" data-linked-resource-container-id="34833933" data-linked-resource-container-version="9">CVE-2015-5348</a>
- Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability.</li><li><a
shape="rect" href="security-advisories.data/CVE-2015-0264.txt.asc?version=1&amp;modificationDate=1426539191000&amp;api=v2"
data-linked-resource-id="54165590" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-0264.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="34833933" data-linked-resource-container-version="9">CVE-2015-0264</a>
- The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects
allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration.
The XML External Entity (XXE) will be resolved before the Exception is thrown.</li><li><a
sh
 ape="rect" href="security-advisories.data/CVE-2015-0263.txt.asc?version=1&amp;modificationDate=1426539178000&amp;api=v2"
data-linked-resource-id="54165589" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-0263.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="34833933" data-linked-resource-container-version="9">CVE-2015-0263</a>
- The XML converter setup in Apache Camel allows remote attackers to read arbitrary files
via an SAXSource containing an XML External Entity (XXE) declaration.</li></ul><h3
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-0003.txt.asc?version=1&amp;modificationDate=1393615582000&amp;api=v2"
data-linked-resource-id="40009835" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0003.txt.asc" data-nice-type="Tex
 t File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933"
data-linked-resource-container-version="9">CVE-2014-0003</a> - The Apache Camel XSLT
component allows XSL stylesheets to perform calls to external Java methods.</li><li><a
shape="rect" href="security-advisories.data/CVE-2014-0002.txt.asc?version=1&amp;modificationDate=1393615569000&amp;api=v2"
data-linked-resource-id="40009834" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0002.txt.asc" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="34833933" data-linked-resource-container-version="9">CVE-2014-0002</a>
- The Apache Camel XSLT component will resolve entities in XML messages when transforming
them using an xslt route.</li></ul><h3 id="SecurityAdvisories-2013">2013</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2013-4330.txt.asc?version=1&am
 p;modificationDate=1380633919000&amp;api=v2" data-linked-resource-id="35192841" data-linked-resource-version="1"
data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2013-4330.txt.asc"
data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="34833933"
data-linked-resource-container-version="9">CVE-2013-4330</a> - Writing files using
FILE or FTP components, can potentially be exploited by a malicious user.</li></ul><p>&#160;</p></div>
         </td>
         <td valign="top">
           <div class="navigation">

Modified: websites/production/camel/content/siteindex.html
==============================================================================
--- websites/production/camel/content/siteindex.html (original)
+++ websites/production/camel/content/siteindex.html Sat Jan 30 06:30:37 2016
@@ -2109,7 +2109,7 @@
              <div class="smalltext" style="margin: 0 0 0 36px">Security Camel offers
several forms &amp; levels of security capabilities that can be utilized on camel routes.
These various forms of security may be used in conjunction with each other or separately.
The broad categories offered are Route Security - Authent</div>
                              <span class="icon aui-icon aui-icon-small aui-iconfont-page-default"
title="Page">Page:</span>                 <a shape="rect" href="security-advisories.html">Security
Advisories</a>
         <br clear="none">
-             <div class="smalltext" style="margin: 0 0 0 36px">2015 CVE-2015-5348 -
Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability.
CVE-2015-0264 - The XPath handling in Apache Camel for invalid XML Strings or invalid XML
GenericFile objects allows remote attackers to r</div>
+             <div class="smalltext" style="margin: 0 0 0 36px">2015 CVE-2015-5344 -
Apache Camel's XStream usage is vulnerable to Remote Code Execution attacks. CVE-2015-5348
- Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability.
CVE-2015-0264 - The XPath handling in Apache </div>
                              <span class="icon aui-icon aui-icon-small aui-iconfont-page-default"
title="Page">Page:</span>                 <a shape="rect" href="seda.html">SEDA</a>
         <br clear="none">
              <div class="smalltext" style="margin: 0 0 0 36px">SEDA Component The seda:
component provides asynchronous SEDA http://www.eecs.harvard.edu/~mdw/proj/seda/ behavior,
so that messages are exchanged on a BlockingQueue http://java.sun.com/j2se/1.5.0/docs/api/java/util/concurrent/BlockingQueue.html
and consu</div>



Mime
View raw message