-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2020-11973: Apache Camel Netty enables Java deserialization by default Severity: MEDIUM Vendor: The Apache Software Foundation Versions Affected: Camel 2.25.0, Camel 3.0.0 to 3.1.0. The unsupported Camel 2.x (2.24 and earlier) versions may be also affected. Description: Apache Camel Netty enables Java deserialization by default Mitigation: 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0 The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-14447 refers to the various commits that resovoled the issue, and have more details. Credit: This issue was discovered by Colm O. HEigeartaigh from Apache Software Foundation -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJevUX3AAoJEONOnzgC/0EANycIAJD8FSGAr+HGQPBig7wvTR3D NAOCQjjPrC3KiLrBTW82JBU/0n/tWYTx9hSa1DmafKa4Cu/yO3SWaKbH/V6pT5QC NJZPn/bOIEyfNErRKIVuLmf9/I0Cwd2rb3CJVN3OhQv0xvE8PcyXQ0F/wDYVXlbR Lu3HR5dWaNVUC9bs/DCrC2SKI9XKq17JhSYu+W6hHGWrYSIcMvgxV8wOK5gigjLf Yih+gO378cI1kuq5anf2xAiRxGmDL41uuwQXC+lmrG61UM7ozZe+Tz8/QdBJc4hZ sxD40oW1UXRqAnmcUkJEpEdSqa740XSWcVVgSOCCn78YAOHm96pcSN0S6JZf1f8= =Ks1J -----END PGP SIGNATURE-----