Chapter 1. Security Alerts


The following security alerts are known to affect 6.0:
Security vulnerability in Camel Restlet component
The APPLICATION_JAVA_OBJECT and APPLICATION_JAVA_OBJECT_XML media types are not safe to use from a security perspective. There is a weakness in the XML deserialization mechanism used by these media types, which allows a remote attacker to force the JVM to execute unwanted Java code embedded inside a specially-crafted request to the REST endpoint. By default, camel-restlet uses the APPLICATION_WWW_FORM media type, which is not affected by this issue. It is possible to change the media type by setting the Content-Type message header. If you do so, it is important to ensure you do not use the APPLICATION_JAVA_OBJECT and APPLICATION_JAVA_OBJECT_XML media types. These media types will be disabled entirely in a future release.
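One way to enforce this in a route is a guard that inspects the Content-Type header before the exchange reaches the restlet endpoint. This is an added example, not code from Red Hat or the Camel project; the class names RejectUnsafeMediaType and GuardedRoute, the direct:callRest endpoint and the localhost URL are hypothetical, and it assumes camel-core and the Restlet library that camel-restlet depends on are on the classpath.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
import org.restlet.data.MediaType;

/** Added example: fails the exchange before camel-restlet sees an unsafe Content-Type. */
public class RejectUnsafeMediaType implements Processor {

    // The two media types named in the alert, taken from Restlet's own constants.
    private static final Set<String> UNSAFE = new HashSet<String>(Arrays.asList(
            MediaType.APPLICATION_JAVA_OBJECT.getName(),
            MediaType.APPLICATION_JAVA_OBJECT_XML.getName()));

    /** True if the header value, ignoring parameters and case, names an unsafe type. */
    static boolean isUnsafe(String contentType) {
        if (contentType == null) {
            return false; // header unset: camel-restlet falls back to APPLICATION_WWW_FORM
        }
        int semi = contentType.indexOf(';'); // drop parameters such as "; charset=UTF-8"
        String base = semi < 0 ? contentType : contentType.substring(0, semi);
        return UNSAFE.contains(base.trim().toLowerCase(Locale.ROOT));
    }

    public void process(Exchange exchange) throws Exception {
        String contentType = exchange.getIn().getHeader(Exchange.CONTENT_TYPE, String.class);
        if (isUnsafe(contentType)) {
            throw new IllegalArgumentException("Refusing unsafe media type: " + contentType);
        }
    }

    /** Hypothetical route showing where the guard sits; endpoint names are placeholders. */
    public static class GuardedRoute extends RouteBuilder {
        @Override
        public void configure() {
            from("direct:callRest")
                .process(new RejectUnsafeMediaType())
                .to("restlet:http://localhost:8080/orders?restletMethod=post");
        }
    }
}
```

Placing the processor immediately before every restlet producer keeps a header set earlier in the route, or copied from an inbound message, from selecting one of the two affected media types.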