
docs: document API-component and semantic-header triage scope; add Security to user-manual nav#23253

Merged
oscerd merged 2 commits into
apache:mainfrom
oscerd:docs/security-model-header-triage-scope
May 15, 2026
Conversation

@oscerd
Contributor

@oscerd oscerd commented May 15, 2026

Context

The ASF Security Team (Piotr) asked us to make the project security model more
prominent for reporters and to clarify two recurring triage questions so future
reports are handled consistently. This PR is the apache/camel side; a
companion PR against apache/camel-website adds a prominent "Security model and
report scope" section at the top of https://camel.apache.org/security/ linking
the canonical model page.

Changes

security-model.adoc — two triage clarifications folded into the model:

  1. Camel-prefixed API-component headers (CamelFhir.*, CamelBox.*,
     CamelOlingo4.*, CamelAs2.*, ...) reaching an API producer from an
     untrusted source. Documented position: not always out of scope — it is
     conditional, and the condition is at the inbound consumer, not the API
     producer. These prefixes live in the Camel* namespace, so the protecting
     boundary is the inbound consumer's case-insensitive Camel*
     HeaderFilterStrategy (the CVE-2025-27636 family mechanism). Added to the
     Camel-header / bean-dispatch abuse in-scope class.
  2. Non-prefixed semantic headers a component reads (To, Cc in
     camel-mail, ...). Documented position: one uniform rule — framework
     auto-filtering is scoped to the internal Camel* / org.apache.camel.*
     namespace only; the rest is the route author's responsibility and a
     per-component documented contract; the inbound-filter class
     (e.g. CVE-2026-33454) and path-traversal class (e.g. CVE-2018-8041) still
     apply independently. Added as a Known limitations bullet.

nav.adoc — discoverability: the Security and Security Model pages were
reachable only by direct link. Added a top-level Security group to the
user-manual left navigation.

Notes

  • Docs-only change; no code, no generated files affected.
  • The triage positions were reviewed and confirmed with the operator before
    being written into the model.

Claude Code on behalf of Andrea Cosentino
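The two triage positions above hinge on one boundary: a case-insensitive filter on the internal Camel* / org.apache.camel.* header namespace at the inbound consumer, with everything outside that namespace left to the route author and the component's documented contract. The following is an added illustration, not code from the PR or from Apache Camel itself: a small Python model of that rule applied to a constructed set of inbound headers. The regex, the `filter_inbound_headers` / `semantic_headers_reaching_component` names and the sample header names (including the mixed-case `cAmElFhir.Resource` variant) are assumptions made for the example; Camel's real `HeaderFilterStrategy` API is not reproduced here.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Assumed model of the documented rule: framework auto-filtering covers only the
# internal Camel* / org.apache.camel.* namespace. The (?i) flag is what makes the
# check case-insensitive, which is the point of the CVE-2025-27636 family fix
# referenced in the PR: a case-sensitive prefix check can be sidestepped by
# re-casing the prefix.
INTERNAL_NAMESPACE_CI = re.compile(r"(?i)^(Camel|org\.apache\.camel\.)")
INTERNAL_NAMESPACE_CS = re.compile(r"^(Camel|org\.apache\.camel\.)")


def filter_inbound_headers(
    headers: Dict[str, str], case_insensitive: bool = True
) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split untrusted inbound headers into (accepted, dropped).

    Anything in the internal namespace is dropped at the inbound consumer;
    everything else is passed through untouched, because the framework makes
    no promise about non-prefixed semantic headers (To, Cc, ...).
    """
    pattern = INTERNAL_NAMESPACE_CI if case_insensitive else INTERNAL_NAMESPACE_CS
    accepted: Dict[str, str] = {}
    dropped: Dict[str, str] = {}
    for name, value in headers.items():
        (dropped if pattern.match(name) else accepted)[name] = value
    return accepted, dropped


def semantic_headers_reaching_component(
    accepted: Dict[str, str], component_reads: Iterable[str]
) -> List[str]:
    """Names of surviving headers that a downstream component is documented to
    read (e.g. To/Cc for camel-mail). These are not covered by auto-filtering and
    are the route author's responsibility to strip or override before the
    producer, per the component's documented contract."""
    reads = {h.lower() for h in component_reads}
    return sorted(name for name in accepted if name.lower() in reads)


# Constructed sample of headers arriving from an untrusted source (not real traffic).
UNTRUSTED_HEADERS: Dict[str, str] = {
    "CamelFhir.resource": "Patient",          # API-component header, internal namespace
    "cAmElFhir.Resource": "Patient",          # same prefix, re-cased (constructed)
    "org.apache.camel.Sample": "x",           # internal namespace, constructed name
    "To": "someone@example.invalid",          # semantic header read by camel-mail
    "X-Request-Id": "req-0001",               # ordinary header, passed through
}


def demo() -> Dict[str, object]:
    """Run both filter modes over the sample and summarise what each lets through."""
    ci_accepted, ci_dropped = filter_inbound_headers(UNTRUSTED_HEADERS, case_insensitive=True)
    cs_accepted, cs_dropped = filter_inbound_headers(UNTRUSTED_HEADERS, case_insensitive=False)
    return {
        "case_insensitive_dropped": sorted(ci_dropped),
        "case_sensitive_dropped": sorted(cs_dropped),
        # Headers that survive the filter and that camel-mail is documented to read:
        "route_author_must_handle": semantic_headers_reaching_component(
            ci_accepted, component_reads=("To", "Cc")
        ),
        "recased_prefix_survives_case_sensitive_filter": "cAmElFhir.Resource" in cs_accepted,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the two halves of the rule side by side: the case-insensitive filter drops all three internal-namespace names including the re-cased one, while the case-sensitive variant lets the re-cased prefix reach the producer; in both modes `To` survives, which is exactly why the PR records it as a route-author and per-component responsibility rather than a framework guarantee.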

oscerd and others added 2 commits May 15, 2026 17:33
…rity model

Clarifies two recurring security-triage questions in the project security
model so the PMC and reporters apply a consistent position:

- Camel-prefixed API-component headers (CamelFhir.*, CamelBox.*, ...) reaching
  an API producer from an untrusted source: in scope is conditional on the
  inbound consumer's case-insensitive Camel* HeaderFilterStrategy, not the API
  producer; it is not always out of scope.
- Non-prefixed semantic headers a component reads (To, Cc in camel-mail, ...):
  one uniform rule (framework auto-filtering covers only the internal
  Camel*/org.apache.camel.* namespace; the rest is route-author responsibility
  and a per-component documented contract), with the inbound-filter and
  path-traversal classes still applying independently.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Security and Security Model pages were reachable only by direct link.
Add a top-level Security group to the user-manual left navigation so both
are discoverable from the docs site.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions
Contributor

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

@github-actions
Contributor

🧪 CI tested the following changed modules:

  • docs

⚙️ View full build and test results

@oscerd oscerd merged commit c13cee4 into apache:main May 15, 2026
7 checks passed