News

Apache Camel's XStream usage is vulnerable to Remote Code Execution attacks

Apache Camel's camel-xstream component is vulnerable to a Java object de-serialisation vulnerability.
De-serializing untrusted data can lead to security flaws, as demonstrated in various similar reports about Java de-serialization issues.

Please study this security vulnerability carefully!
CVE-2015-5344 - [1]

You can download the fixed Apache Camel 2.15.x and 2.16.x versions from the Apache mirrors [2] or from the Central Maven repository.

[1] http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc?version=1&modificationDate=1454056803464&api=v2
[2] http://camel.apache.org/download

On behalf of the Camel PMC,
Claus Ibsen

The Camel community announces the immediate availability of the new patch release Camel 2.16.2. This release contains over 70 fixes applied in the past few weeks by the community on the Camel 2.16.x maintenance branch.

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible.

On behalf of the Camel PMC,
Gregor Zurowski

The Apache Camel project is a mature and well-established project that was created almost 9 years ago.

Some users of Apache Camel take on the challenge of sharing their knowledge and experience by writing a book on the subject.

Here at the start of 2016, we will see two new books coming out:

  • Apache Camel Essentials
  • Camel Design Patterns

That brings the total number of books up to 8, and then in addition there is the book that started it all - the Enterprise Integration Patterns (EIP) book.

You can find a list of all the known books in the books page.

If you are aware of any new books on the way, then we would love to hear about this, so those books can be added to the list as well.

Apache Camel's Jetty/Servlet usage is vulnerable to a Java object de-serialisation vulnerability

If using camel-jetty or camel-servlet as a consumer in Camel routes, then Camel will automatically de-serialize HTTP requests that use the content-header: application/x-java-serialized-object.

Please study this security vulnerability carefully!

  • CVE-2015-5348 - [1]

You can download the fixed Apache Camel 2.15.x and 2.16.x versions from the Apache mirrors [2] or from the Central Maven repository.

[1] http://camel.apache.org/security-advisories.data/CVE-2015-5348.txt.asc?version=1&modificationDate=1450340845000&api=v2
[2] http://camel.apache.org/download

On behalf of the Camel PMC,
Claus Ibsen

The Apache Camel user community is growing constantly with increased adoption especially during this year. We are grateful to our users who decide to give something back in the form of reporting bugs, providing patches and contributing to the documentation. The project would not be what it is without the community contributions. We want to see more of you helping out and the most active join us as committers.

It is also very rewarding to see that most of the contributors who became committers continue to stay involved. Therefore, in recognition of their continued contribution, the Apache Camel PMC recently invited a committer to join the PMC, be even more involved and take a greater responsibility in shaping the future of the Camel project. We welcome Gregor Zurowski as a new Apache Camel PMC member. Many thanks for your past contributions and we look forward to the same commitment in the future.

On behalf of the Camel PMC, welcome aboard and we expect more great things coming from you!

Christian Müller,

VP, Apache Camel

The Camel community announces the immediate availability of the new patch release Camel 2.15.5. This release contains 19 fixes applied in the past few weeks by the community on the Camel 2.15.x maintenance branch. This release also updates the Apache Commons Collections library to version 3.2.2 that contains a patch for a recently reported object de-serialization vulnerability.

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible.

On behalf of the Camel PMC,
Gregor Zurowski

The Camel community announces the immediate availability of the new patch release Camel 2.16.1. This release contains over 60 fixes applied in the past few weeks by the community on the Camel 2.16.x maintenance branch. This release also updates the Apache Commons Collections library to version 3.2.2 that contains a patch for a recently reported object de-serialization vulnerability.

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible.

On behalf of the Camel PMC,
Gregor Zurowski

The Camel community announces the immediate availability of the new patch release Camel 2.14.4. This release contains 18 fixes applied in the past few weeks by the community on the Camel 2.14.x maintenance branch. We expect this to be the last patch release for the 2.14.x branch.

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible.

On behalf of the Camel PMC,
Gregor Zurowski

The Camel community announces the immediate availability of the new patch release Camel 2.15.4. This release contains over 40 fixes applied in the past few weeks by the community on the Camel 2.15.x maintenance branch.

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible.

On behalf of the Camel PMC,

Gregor Zurowski

The Apache Camel PMC is pleased to introduce Sergey Beryozkin as a new committer. We are very happy with the sustained growth of the project and look forward to continued contributions from the community and adding to the ranks of Camel Riders. Sergey has been involved with Camel for a long time now, especially with Camel CXF. He contributed to the code and got involved with the community on the mailing lists.

On behalf of the Camel PMC, welcome aboard and we expect more great things coming from you!

Christian Müller,

VP, Apache Camel

The Apache Camel user community is growing constantly. It is also very rewarding to see that most of the contributors who became committers continue to stay involved. Therefore, in recognition of the continued contribution, the Apache Camel PMC invited Jean-Baptiste Onofré to join the PMC, be even more involved and take a greater responsibility in shaping the future of the Camel project. I'm sure most of you already know JB. He is an Apache member and in the PMC of Apache Ace, Archiva, Aries, Falcon, Incubator, Karaf, Lens, Servicemix & Syncope. Besides this, he is also a committer in Apache ActiveMQ and JClouds.

Many thanks for your past contributions and we look forward to the same commitment in the future.

Christian Müller,

VP, Apache Camel

The Camel community announces the immediate availability of the new major release Camel 2.16.0. This release contains a total of 600+ fixes applied in the past 6 months by the community on the Camel master branch.  

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.   

Many thanks to all who made this release possible.   

On behalf of the Camel PMC,   

Dan

The Apache Camel user community is growing constantly with increased adoption. We are grateful to our users who decide to give something back in the form of reporting bugs, providing patches and contributing to the documentation. The project would not be what it is without the community contributions. We want to see more of you helping out and the most active join us as committers. It is also very rewarding to see that most of the contributors who became committers continue to stay involved. Therefore, in recognition of their continued contribution, the Apache Camel PMC recently invited Aki Yoshida and Andrea Cosentino to join the PMC, be even more involved and take a greater responsibility in shaping the future of the Camel project. We welcome both as new Apache Camel PMC members. Many thanks for your past contributions and we look forward to the same commitment in the future.

On behalf of the Camel PMC, welcome aboard and we expect more great things coming from you!

Christian Müller,

VP, Apache Camel

Apache Camel 2.15.3

The Camel community announces the immediate availability of the new patch release Camel 2.15.3. This release contains over 100 fixes applied in the past few weeks by the community on the Camel 2.15.x maintenance branch.

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible.

On behalf of the Camel PMC,

Dan

The Camel community announces the immediate availability of the new patch release Camel 2.14.3. This release contains a total of 80 fixes applied in the past few weeks by the community on the Camel 2.14.x maintenance branch. 

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible. 

On behalf of the Camel PMC, 

Willem Jiang

The Camel community announces the immediate availability of the new patch release Camel 2.15.2. This release contains a total of 71 fixes applied in the past few weeks by the community on the Camel 2.15.x maintenance branch.

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible.

On behalf of the Camel PMC,

Willem

Yesterday, the Camel PMC voted another one of the very active and talented contributors to become a committer.

Andrea Cosentino has been actively involved with Apache Camel for months, contributing code and helping other users. Andrea contributed many patches / pull requests for helping to maintain the Camel components and ensure they are using newer releases of the dependency JARs. He is also taking on OSGi and helping to upgrade and maintain the Karaf features as well. He is also working on a Cassandra Camel component at GitHub, porting this good stuff back.

On behalf of the Camel PMC, welcome aboard Andrea and keep up the great work!

Christian

The Camel community announces the immediate availability of the new patch release Camel 2.15.1. This release contains a total of 55 fixes applied in the past few weeks by the community on the Camel 2.15.x maintenance branch.

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.

Many thanks to all who made this release possible.

On behalf of the Camel PMC,

Willem

If you are using Apache Camel to route XML messages, please note that the security advisories CVE-2015-0263 and CVE-2015-0264 may affect you.

Please study these critical security vulnerabilities carefully!

CVE-2015-0263
CVE-2015-0264

You can download the fixed Apache Camel 2.13.x and 2.14.x versions from the Apache mirrors or from the Central Maven repository.

On behalf of the Camel PMC,
Christian

The Camel community announces the immediate availability of the new major release Camel 2.15.0. This release contains a total of 500+ fixes applied in the past 6 months by the community on the Camel master branch.  

The artifacts are published and ready for you to download either from the Apache mirrors or from the Central Maven repository. For more details please take a look at the release notes.   

Many thanks to all who made this release possible.   

On behalf of the Camel PMC,   

Willem
