You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2020/09/18 08:59:09 UTC

[GitHub] [camel-quarkus] jamesnetherton opened a new issue #1807: allowContextMapAll requires template engines to have reflective access to camel core classess 

jamesnetherton opened a new issue #1807:
URL: https://github.com/apache/camel-quarkus/issues/1807


   Thinking a bit more about [this comment](https://github.com/apache/camel-quarkus/pull/1804#discussion_r490314030).
   
   We probably have a general issue with all of the templating component extensions (qute, mustache, mvel, velocity etc) where the template engine may need reflective access to complex objects like `Exchange`, `Message` or `CamelContext`. E.g as described [here](https://camel.apache.org/components/latest/velocity-component.html#_velocity_context) when `allowContextMapAll` is enabled.
   
   I don't think we have much (or any) test coverage for this, so we haven't noticed any issues thus far.
   
   We could:
   
   * Add a general purpose support extension, that would contain a `BuildStep` to configure reflection for these classes. Then the various extensions could depend on it.
   
   * Not offer any OOTB support for `allowContextMapAll` in native mode, and advise folks to keep things simple by only referencing the message body, headers & properties in templates
   
   * Similar to the above but force users to manually do the reflective class configuration for the necessary bits.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel-quarkus] jamesnetherton closed issue #1807: allowContextMapAll requires template engines to have reflective access to camel core classess

Posted by GitBox <gi...@apache.org>.
jamesnetherton closed issue #1807:
URL: https://github.com/apache/camel-quarkus/issues/1807


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel-quarkus] davsclaus commented on issue #1807: allowContextMapAll requires template engines to have reflective access to camel core classess

Posted by GitBox <gi...@apache.org>.
davsclaus commented on issue #1807:
URL: https://github.com/apache/camel-quarkus/issues/1807#issuecomment-694752800


   allowContextMapAll is a security vulnerabilty fix, so I am fine with no support for setting = true in camel-quarkus native mode or even jvm mode


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org