Red Hat SummitChapter 1. Red Hat build of Apache Camel for Spring Boot release notes
1.1. Red Hat build of Apache Camel for Spring Boot features
Red Hat build of Apache Camel for Spring Boot introduces Camel support for Spring Boot which provides auto-configuration of the Camel and starters for many Camel components. The opinionated auto-configuration of the Camel context auto-detects Camel routes available in the Spring context and registers the key Camel utilities (like producer template, consumer template and the type converter) as beans.
1.2. Supported platforms, configurations, databases, and extensions for Red Hat build of Apache Camel for Spring Boot
- For information about supported platforms, configurations, and databases in Red Hat build of Apache Camel for Spring Boot, see the Supported Configuration page on the Customer Portal (login required).
- For a list of Red Hat Red Hat build of Apache Camel for Spring Boot extensions, see the Red Hat build of Apache Camel for Spring Boot Reference (login required).
1.3. Important notes
Documentation for Red Hat build of Apache Camel for Spring Boot components is available in the Red Hat build of Apache Camel for Spring Boot Reference. Documentation for additional Red Hat build of Apache Camel for Spring Boot components will be added to this reference guide.
1.3.1. The javax to jakarta Package Namespace Change
The Java EE move to the Eclipse Foundation and the establishment of Jakarta EE, since Jakarta EE 9, packages used for all EE APIs have changed to jakarta.*
Code snippets in documentation have been updated to use the jakarta.* namespace, but you of course need to take care and review your own applications.
This change does not affect javax packages that are part of Java SE.
When migrating applications to EE 10, you need to:
-
Update any import statements or other source code uses of EE API classes from the
javaxpackage tojakarta. -
Change any EE-specified system properties or other configuration properties whose names begin with
javax.to begin withjakarta.. -
Use the
META-INF/services/jakarta.[rest_of_name]name format to identify implementation classes in your applications that use the implement EE interfaces or abstract classes bootstrapped with thejava.util.ServiceLoadermechanism.
1.3.1.1. Migration tools
- Source code migration: How to use Red Hat Migration Toolkit for Auto-Migration of an Application to the Jakarta EE 10 Namespace
- Bytecode transforms: For cases where source code migration is not an option, the open source Eclipse Transformer
Additional resources
- Background: Update on Jakarta EE Rights to Java Trademarks
- Red Hat Customer Portal: Red Hat JBoss EAP Application Migration from Jakarta EE 8 to EE 10
- Jakarta EE: Javax to Jakarta Namespace Ecosystem Progress
1.3.2. Migration from Fuse 7.11 to Red Hat build of Apache Camel for Spring Boot
This release contains a Migrating to Red Hat build of Apache Camel for Spring Boot documenting the changes required to successfully run and deploy Fuse 7.11 applications on Red Hat build of Apache Camel for Spring Boot. It provides information on how to resolve deployment and runtime problems and prevent changes in application behavior. Migration is the first step in moving to the Red Hat build of Apache Camel for Spring Boot platform. Once the application deploys successfully and runs, users can plan to upgrade individual components to use the new functions and features of Red Hat build of Apache Camel for Spring Boot.
1.3.3. Support for EIP circuit breaker
The Circuit Breaker EIP for Camel Spring Boot supports Resilience4j configuration. This configuration provides integration with Resilience4j to be used as Circuit Breaker in Camel routes.
1.3.4. Support for Stateful transactions
The Red Hat build of Camel Example Spring Boot provides a Camel Spring Boot JTA quickstart. This quickstart demonstrates how to run a Camel Service on Spring Boot that supports JTA transactions on two external transactional resources: a database (MySQL) and a message broker (Artemis). These external resources are provided by OpenShift which must be started before running this quickstart.
1.4. Red Hat build of Apache Camel for Spring Boot Fixed Issues
The following sections list the issues that have been fixed in Red Hat build of Apache Camel for Spring Boot.
1.4.1. Red Hat build of Apache Camel for Spring Boot version 4.0.3 Fixed Issues
The following table lists the resolved bugs in Red Hat build of Apache Camel for Spring Boot version 4.0.3.
| Issue | Description |
|---|---|
| CVE-2023-6378 logback: serialization vulnerability in logback receiver | |
| CVE-2023-6481 logback: A serialization vulnerability in logback receiver | |
| CVE-2023-4043 parsson: Denial of Service due to large number parsing |
1.4.2. Red Hat build of Apache Camel for Spring Boot version 4.0.2 Fixed Issues
The following table lists the resolved bugs in Red Hat build of Apache Camel for Spring Boot version 4.0.2.
| Issue | Description |
|---|---|
| CVE-2023-5072 JSON-java: parser confusion leads to OOM |
1.4.3. Red Hat build of Apache Camel for Spring Boot version 4.0 Fixed Issues
The following table lists the resolved bugs in Red Hat build of Apache Camel for Spring Boot version 4.0.
| Issue | Description |
|---|---|
| [cxfrs-component] camel-cxf-rest-starter needs cxf-spring-boot-autoconfigure | |
| CXF TrustedAuthorityValidatorTest failure | |
| Camel Saxon: java.lang.ArrayIndexOutOfBoundsException: Index 8192 out of bounds for length 8192 | |
| [CSB Examples] - javax dependency requested for camel-jira example | |
| CXF misalignments | |
| CVE-2023-34462 netty: io.netty:netty-handler: SniHandler 16MB allocation [rhint-camel-spring-boot-3.18] | |
| spring-security ConsensusBased accessDecisionManager | |
| CVE-2023-33008 apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale [rhint-camel-spring-boot-3.18] | |
| camel-openapi-java-starter throws an error on parsing openapi yaml | |
| Improve logging of JSch library | |
| CSB archetype missing parameters | |
| camel-salesforce contains javax transitive dependency | |
| cxf-services-xkms-itests is somehow present in cxf-bom | |
| camel-bindy org.apache.camel.util.ReflectionHelper.setField() has race condition | |
| Openshift Maven Plugin dependencies on MRRC | |
| CVE-2022-46751 apache-ivy: XML External Entity vulnerability [rhint-camel-spring-boot-3.18] | |
| CVE-2022-44730 batik: Server-Side Request Forgery vulnerability [rhint-camel-spring-boot-3.18] | |
| CVE-2022-44729 batik: Server-Side Request Forgery vulnerability [rhint-camel-spring-boot-3.18] | |
| jdbc and spring-jdbc transacted() does not work properly | |
| CVE-2023-26048 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() [rhint-camel-spring-boot-3.18] | |
| CVE-2023-26049 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies [rhint-camel-spring-boot-3.18] | |
| [CAMEL-19814](camel-rest - Should filter out query parameters that are for the producer endpoint) | |
|
CXF RS sent | |
| resource leak caused by new introduced in-jdk http-client since CXF 4.0.1 | |
| CVE-2023-40167 jetty-http: jetty: Improper validation of HTTP/1 content-length [rhint-camel-spring-boot-3.18] | |
| No direct conversion from JAXBElement<Type> to Type |
