-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2018-8027: Apache Camel's Core Camel Core is vulnerable to XXE in XSD validation processor

Severity: MEDIUM

Vendor: The Apache Software Foundation

Versions Affected: Camel 2.20.0 to 2.20.3 and Camel 2.21.0
The unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

Description: Apache Camel's Core is vulnerable to XML External Entity vulnerability.

Mitigation: 2.20.x users should upgrade to 2.20.4, 2.21.0 users should upgrade to 2.21.1. 

The JIRA tickets: https://issues.apache.org/jira/browse/CAMEL-12444 and https://issues.apache.org/jira/browse/CAMEL-10894 (partial fix)
refer to the various commits that resovoled the issue, and have more details.

Credit: This issue was discovered by Karel Jelínek <karel dot jelinek at unicorm dot com> from Unicorn Systems.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJbYAhVAAoJEONOnzgC/0EA+YsIAJUHgpPjIwba+Ujmz04iWrwI
IYVHZC7dlzhp0cEhH0S0uyOrWKW+Le2jWq2EqPhNo1TiDkBAPxv85cd7Ai1vgg+6
jloP8tI5+3fVFbQIa7mGidz1chCS38nnpxKHLyUMecnF+sMPyAAPgc+ARMCVKKBI
RUaWreh9b0wm4q8sZKeYPUgue6y30E7AEY3Nx1xs9tIzV60kVA0Kiwc0Ne3bkQID
iimSwIEAgjky2EXfwnGInNdl78SEap7YMSD3hxGT4+2AV41Pw39dAbBSZuDQW3xT
C5vknZUXd3/09RqWrpOgXfKpamaEvBgAxwU3GC5z3Qm5esRXtJSx3SFVSrutmcM=
=kB+X
-----END PGP SIGNATURE-----