CVE-2020-11972.txt.asc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2020-11972: Apache Camel RabbitMQ enables Java deserialization by default

Severity: MEDIUM

Vendor: The Apache Software Foundation

Versions Affected: Camel 2.25.0, Camel 3.0.0 to 3.1.0. The unsupported Camel 2.x (2.24 and earlier) versions may be also affected.

Description: Apache Camel RabbitMQ enables Java deserialization by default

Mitigation: 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0 The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-14711 refers to the various commits that resovoled the issue, and have more details.

Credit: This issue was discovered by Colm O. HEigeartaigh <coheigea at apache dot org> from Apache Software Foundation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJevUQmAAoJEONOnzgC/0EAoUEH/3gQSJ+agSsG/NujZ2xffXRw
YvfSHRzlWKKailRrTA0M7400YcLcY0vWJm+7lq2IBxCwQ+YXV5sn5k9IbztCaXi+
NkfuScPghlCk6ysYW4ipkNQKHjCkT2IRDHH460vfBNlD07P2wlnF+Wd9DnE5ssBv
lKt0sbfUwd8Wd6DGt6IfR42f/yNtBRC9B/JLIY5Ch2InptI3kB3xKjOzw/VvL69L
nJfu9L/oGX8UbOy3xLrQUp9MfNK5ymtiOW/xKVJbW6icoU3qopz0uQk3oIo5HRvi
34fhmRBJ8fSguS3xC2VWBuQKCy765EaCB0X95vesM8/9TNTKmdr71AjKrye0i3o=
=+Dlv
-----END PGP SIGNATURE-----