Security: apache/camel-quarkus

SECURITY.md

Security Policy

Supported Versions

To see which versions of Apache Camel Quarkus are supported, please refer to this page.

Reporting a Vulnerability

For information on how to report a new security problem, please see here.

Important: Do not file a public GitHub issue or Jira ticket for security vulnerabilities. Only report security issues through the private private-security@camel.apache.org email address as described in the security reporting instructions.

Security Model

Before submitting a report, please read the project's Security Model. It documents the security model for Camel Quarkus, including inherited security considerations from Apache Camel.

The security model defines:

  • Who is trusted (committers, route authors, deployment operators vs. untrusted external message senders)
  • Where the trust boundaries sit (route + configuration vs. data flowing through the route)
  • Which vulnerability classes the Camel Quarkus PMC accepts
  • Which categories are out of scope (route-author or operator responsibility, explicit opt-ins, DoS through unthrottled routes, third-party transitive CVEs not reachable through Camel Quarkus code)

Reports outside the documented scope will be closed with a reference to the security model.

Quarkus-Specific Security Concerns

For suspected vulnerabilities in io.quarkus or io.quarkiverse dependencies that are not reachable through Camel Quarkus extension code, please refer to the Quarkus Security Policy and report directly to the Quarkus project.

There aren't any published security advisories