This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git
The following commit(s) were added to refs/heads/main by this push:
new ef281f35 Blog: dependency updates across Camel 4.x releases (#1669)
ef281f35 is described below
commit ef281f35d78873d94fea0506b5162b4f8a586375
Author: Claus Ibsen <[email protected]>
AuthorDate: Thu Jun 18 11:58:02 2026 +0200
Blog: dependency updates across Camel 4.x releases (#1669)
* chore: blog post on dependency updates across Camel 4.x releases
Co-Authored-By: Claude Opus 4.6 <[email protected]>
* ci: fix preview URL extraction in netlify deploy workflow
Co-Authored-By: Claude Opus 4.6 <[email protected]>
---------
Co-authored-by: Claude Opus 4.6 <[email protected]>
---
.github/workflows/preview.yaml | 4 +-
.../2026/06/camel-dependency-updates/featured.svg | 111 +++++++++++++++
.../blog/2026/06/camel-dependency-updates/index.md | 156 +++++++++++++++++++++
3 files changed, 270 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/preview.yaml b/.github/workflows/preview.yaml
index ed24701c..2a8cccb0 100644
--- a/.github/workflows/preview.yaml
+++ b/.github/workflows/preview.yaml
@@ -63,7 +63,9 @@ jobs:
PR_NUMBER=${PR_NUMBER//[^0-9]/}
PR_URL="https://github.com/apache/camel-website/pull/${PR_NUMBER}";
yarn install
- DEPLOY_URL=$(yarn preview:netlify --alias="pr-${PR_NUMBER}"
--message="Preview for ${PR_URL}" --json 2> /dev/null |jq -r .deploy_url)
+ DEPLOY_OUTPUT=$(yarn preview:netlify --alias="pr-${PR_NUMBER}"
--message="Preview for ${PR_URL}" --json)
+ echo "Deploy output: $DEPLOY_OUTPUT"
+ DEPLOY_URL=$(echo "$DEPLOY_OUTPUT" | jq -r '.deploy_ssl_url //
.deploy_url // .url // empty')
echo "DEPLOY_URL=${DEPLOY_URL}" >> $GITHUB_ENV
echo "ISSUE_NUMBER=${PR_NUMBER}" >> $GITHUB_ENV
- uses: actions/github-script@v7
diff --git a/content/blog/2026/06/camel-dependency-updates/featured.svg
b/content/blog/2026/06/camel-dependency-updates/featured.svg
new file mode 100644
index 00000000..ae9ea881
--- /dev/null
+++ b/content/blog/2026/06/camel-dependency-updates/featured.svg
@@ -0,0 +1,111 @@
+<svg xmlns="http://www.w3.org/2000/svg"; viewBox="0 0 800 450"
font-family="'Segoe UI', Arial, sans-serif">
+ <defs>
+ <linearGradient id="bg" x1="0%" y1="0%" x2="100%" y2="100%">
+ <stop offset="0%" style="stop-color:#1a1a2e"/>
+ <stop offset="100%" style="stop-color:#16213e"/>
+ </linearGradient>
+ <linearGradient id="bar" x1="0%" y1="0%" x2="0%" y2="100%">
+ <stop offset="0%" style="stop-color:#e8792f"/>
+ <stop offset="100%" style="stop-color:#c4611a"/>
+ </linearGradient>
+ <linearGradient id="barAdd" x1="0%" y1="0%" x2="0%" y2="100%">
+ <stop offset="0%" style="stop-color:#4ade80"/>
+ <stop offset="100%" style="stop-color:#22c55e"/>
+ </linearGradient>
+ <filter id="glow">
+ <feGaussianBlur stdDeviation="2" result="blur"/>
+ <feMerge>
+ <feMergeNode in="blur"/>
+ <feMergeNode in="SourceGraphic"/>
+ </feMerge>
+ </filter>
+ </defs>
+
+ <!-- Background -->
+ <rect width="800" height="450" fill="url(#bg)"/>
+
+ <!-- Subtle grid -->
+ <g opacity="0.04" stroke="#fff" stroke-width="0.5">
+ <line x1="0" y1="100" x2="800" y2="100"/>
+ <line x1="0" y1="150" x2="800" y2="150"/>
+ <line x1="0" y1="200" x2="800" y2="200"/>
+ <line x1="0" y1="250" x2="800" y2="250"/>
+ <line x1="0" y1="300" x2="800" y2="300"/>
+ <line x1="0" y1="350" x2="800" y2="350"/>
+ </g>
+
+ <!-- Title -->
+ <text x="400" y="32" text-anchor="middle" fill="#ffffff" font-size="16"
font-weight="600" letter-spacing="1" opacity="0.9">APACHE CAMEL — DEPENDENCY
UPDATES</text>
+
+ <!-- Main hero number -->
+ <g transform="translate(400, 105)" filter="glow">
+ <text x="0" y="0" text-anchor="middle" fill="#e8792f" font-size="64"
font-weight="bold">2,449</text>
+ <text x="0" y="28" text-anchor="middle" fill="#8899bb" font-size="15"
font-weight="500" letter-spacing="1">DEPENDENCY VERSION UPDATES</text>
+ <text x="0" y="48" text-anchor="middle" fill="#667799" font-size="13"
letter-spacing="0.5">ACROSS 20 MINOR RELEASES (4.0 → 4.20)</text>
+ </g>
+
+ <!-- Bar chart: dependency updates per release -->
+ <!-- Chart area: x=60..740, y=170..350, max height=170 for value 173 -->
+ <g transform="translate(60, 350)">
+ <!-- Bars (scaled: max 173 -> height 150) -->
+ <rect x="6" y="-56" width="28" height="56" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="40" y="-48" width="28" height="48" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="74" y="-113" width="28" height="113" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="108" y="-114" width="28" height="114" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="142" y="-83" width="28" height="83" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="176" y="-106" width="28" height="106" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="210" y="-132" width="28" height="132" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="244" y="-134" width="28" height="134" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="278" y="-150" width="28" height="150" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="312" y="-134" width="28" height="134" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="346" y="-103" width="28" height="103" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="380" y="-128" width="28" height="128" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="414" y="-88" width="28" height="88" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="448" y="-104" width="28" height="104" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="482" y="-116" width="28" height="116" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="516" y="-102" width="28" height="102" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="550" y="-122" width="28" height="122" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="584" y="-106" width="28" height="106" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="618" y="-134" width="28" height="134" fill="url(#bar)" rx="2"
opacity="0.9"/>
+ <rect x="652" y="-50" width="28" height="50" fill="url(#bar)" rx="2"
opacity="0.9"/>
+
+ <!-- Version labels (every other) -->
+ <text x="20" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.1</text>
+ <text x="88" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.3</text>
+ <text x="156" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.5</text>
+ <text x="224" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.7</text>
+ <text x="292" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.9</text>
+ <text x="360" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.11</text>
+ <text x="428" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.13</text>
+ <text x="496" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.15</text>
+ <text x="564" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.17</text>
+ <text x="632" y="14" text-anchor="middle" fill="#667799"
font-size="8">4.19</text>
+
+ <!-- Peak label -->
+ <text x="292" y="-155" text-anchor="middle" fill="#4ade80" font-size="11"
font-weight="bold">173</text>
+ </g>
+
+ <!-- Bottom stats row -->
+ <g transform="translate(0, 385)">
+ <line x1="50" y1="0" x2="750" y2="0" stroke="#2a3a5e" stroke-width="1"/>
+
+ <text x="133" y="30" text-anchor="middle" fill="#e8792f" font-size="22"
font-weight="bold">122</text>
+ <text x="133" y="48" text-anchor="middle" fill="#667799"
font-size="11">AVG PER RELEASE</text>
+
+ <line x1="265" y1="12" x2="265" y2="52" stroke="#2a3a5e" stroke-width="1"/>
+
+ <text x="400" y="30" text-anchor="middle" fill="#4ade80" font-size="22"
font-weight="bold">415 → 507</text>
+ <text x="400" y="48" text-anchor="middle" fill="#667799"
font-size="11">TOTAL DEPENDENCIES</text>
+
+ <line x1="535" y1="12" x2="535" y2="52" stroke="#2a3a5e" stroke-width="1"/>
+
+ <text x="665" y="30" text-anchor="middle" fill="#60a5fa" font-size="22"
font-weight="bold">20</text>
+ <text x="665" y="48" text-anchor="middle" fill="#667799"
font-size="11">MINOR RELEASES</text>
+ </g>
+
+ <!-- Small camel silhouette watermark -->
+ <g transform="translate(720, 8)" opacity="0.15">
+ <path d="M0,22 Q5,8 12,10 Q15,2 22,5 Q28,0 32,6 L38,10 Q42,8 45,12 L48,22
L44,22 L42,16 L38,22 L28,22 L26,16 L22,22 L12,22 L10,16 L6,22 Z"
+ fill="#e8792f"/>
+ </g>
+</svg>
diff --git a/content/blog/2026/06/camel-dependency-updates/index.md
b/content/blog/2026/06/camel-dependency-updates/index.md
new file mode 100644
index 00000000..2382a968
--- /dev/null
+++ b/content/blog/2026/06/camel-dependency-updates/index.md
@@ -0,0 +1,156 @@
+---
+title: "The Hidden Work: 2,449 Dependency Updates Across 20 Apache Camel
Releases"
+date: 2026-06-18
+draft: false
+authors: [davsclaus]
+categories: ["Community"]
+preview: "Apache Camel manages 500+ third-party dependencies. Over 20 minor
releases and 38 LTS patch releases, the community made 2,890 dependency version
updates — quiet, invisible work that keeps the framework secure and compatible."
+---
+
+Every Apache Camel release ships new features and bug fixes — and those get
the headlines. But behind every release there is a quieter effort that rarely
gets mentioned: **keeping 500+ third-party dependencies current**.
+
+We compared the `parent/pom.xml` across every Camel 4.x minor release — from
4.0.0 to 4.20.0 — and counted every dependency version that changed. Here is
what we found.
+
+## 2,449 dependency updates across 20 releases
+
+Every minor release updates a significant portion of the dependency tree. The
average is **122 dependency version updates per release** — roughly a quarter
of all managed dependencies.
+
+| Release | Date | Updated | Added | Removed | Total Deps |
+|---------|------|---------|-------|---------|------------|
+| 4.0.0 → 4.1.0 | Oct 2023 | 65 | 2 | 4 | 413 |
+| 4.1.0 → 4.2.0 | Nov 2023 | 55 | 3 | 1 | 415 |
+| 4.2.0 → 4.3.0 | Dec 2023 | 130 | 0 | 0 | 415 |
+| 4.3.0 → 4.4.0 | Feb 2024 | 132 | 8 | 2 | 421 |
+| 4.4.0 → 4.5.0 | Mar 2024 | 96 | 7 | 1 | 427 |
+| 4.5.0 → 4.6.0 | May 2024 | 122 | 3 | 2 | 428 |
+| 4.6.0 → 4.7.0 | Jul 2024 | 152 | 5 | 4 | 429 |
+| 4.7.0 → 4.8.0 | Sep 2024 | 154 | 7 | 0 | 436 |
+| 4.8.0 → 4.9.0 | Nov 2024 | 173 | 20 | 3 | 453 |
+| 4.9.0 → 4.10.0 | Feb 2025 | 155 | 3 | 5 | 451 |
+| 4.10.0 → 4.11.0 | Mar 2025 | 119 | 11 | 4 | 458 |
+| 4.11.0 → 4.12.0 | May 2025 | 148 | 6 | 1 | 463 |
+| 4.12.0 → 4.13.0 | Jul 2025 | 102 | 7 | 2 | 468 |
+| 4.13.0 → 4.14.0 | Aug 2025 | 120 | 2 | 0 | 470 |
+| 4.14.0 → 4.15.0 | Oct 2025 | 134 | 5 | 1 | 474 |
+| 4.15.0 → 4.16.0 | Nov 2025 | 117 | 6 | 0 | 480 |
+| 4.16.0 → 4.17.0 | Jan 2026 | 141 | 11 | 1 | 490 |
+| 4.17.0 → 4.18.0 | Feb 2026 | 122 | 5 | 0 | 495 |
+| 4.18.0 → 4.19.0 | Apr 2026 | 154 | 15 | 4 | 506 |
+| 4.19.0 → 4.20.0 | Apr 2026 | 58 | 1 | 0 | 507 |
+| **Total** | | **2,449** | **127** | **35** | |
+
+The 4.8.0 → 4.9.0 release had the highest activity: **173 updated** and **20
added** — reflecting the wave of new AI and cloud connectors entering the
project during that period.
+
+## The dependency footprint grew 22%
+
+Camel 4.0.0 managed **415** third-party dependency versions. By 4.20.0 that
number is **507** — a 22% increase across 20 releases. That growth comes from
new connectors (AI, MCP, document processing, cloud services) each bringing
their own dependency trees.
+
+The net growth of **92 dependencies** (127 added, 35 removed) shows the
community also prunes — replacing deprecated libraries, consolidating
duplicates, and dropping abandoned projects.
+
+## LTS patch branches: manual, targeted updates
+
+The minor release numbers tell one story. The LTS patch branches tell another
— and in some ways a more impressive one.
+
+Apache Camel maintains multiple Long-Term Support (LTS) release lines
simultaneously, each receiving patch releases for approximately one year. On
these branches, dependency updates are not bulk upgrades — they are
**deliberate, targeted changes**: CVE fixes, Spring Boot patch release
alignments, and known dependency bug fixes that affect users. None of this is
automated. Every update is hand-picked, reviewed, and tested.
+
+Here is the full LTS patch history for Camel 4.x:
+
+### 4.0.x LTS (6 patch releases)
+
+| Release | Date | Updated |
+|---------|------|---------|
+| 4.0.0 → 4.0.1 | Sep 2023 | 11 |
+| 4.0.1 → 4.0.2 | Oct 2023 | 19 |
+| 4.0.2 → 4.0.3 | Nov 2023 | 4 |
+| 4.0.3 → 4.0.4 | Jan 2024 | 8 |
+| 4.0.4 → 4.0.5 | Apr 2024 | 10 |
+| 4.0.5 → 4.0.6 | Aug 2024 | 5 |
+| **Total** | | **57** |
+
+### 4.4.x LTS (5 patch releases)
+
+| Release | Date | Updated |
+|---------|------|---------|
+| 4.4.0 → 4.4.1 | Mar 2024 | 8 |
+| 4.4.1 → 4.4.2 | Apr 2024 | 8 |
+| 4.4.2 → 4.4.3 | Jun 2024 | 24 |
+| 4.4.3 → 4.4.4 | Oct 2024 | 34 |
+| 4.4.4 → 4.4.5 | Jan 2025 | 13 |
+| **Total** | | **87** |
+
+### 4.8.x LTS (9 patch releases)
+
+| Release | Date | Updated |
+|---------|------|---------|
+| 4.8.0 → 4.8.1 | Oct 2024 | 16 |
+| 4.8.1 → 4.8.2 | Dec 2024 | 15 |
+| 4.8.2 → 4.8.3 | Jan 2025 | 13 |
+| 4.8.3 → 4.8.4 | Feb 2025 | 11 |
+| 4.8.4 → 4.8.5 | Mar 2025 | 0 |
+| 4.8.5 → 4.8.6 | Mar 2025 | 11 |
+| 4.8.6 → 4.8.7 | May 2025 | 6 |
+| 4.8.7 → 4.8.8 | Jun 2025 | 11 |
+| 4.8.8 → 4.8.9 | Sep 2025 | 0 |
+| **Total** | | **83** |
+
+### 4.10.x LTS (9 patch releases)
+
+| Release | Date | Updated |
+|---------|------|---------|
+| 4.10.0 → 4.10.1 | Feb 2025 | 10 |
+| 4.10.1 → 4.10.2 | Mar 2025 | 3 |
+| 4.10.2 → 4.10.3 | Mar 2025 | 9 |
+| 4.10.3 → 4.10.4 | Apr 2025 | 14 |
+| 4.10.4 → 4.10.5 | May 2025 | 13 |
+| 4.10.5 → 4.10.6 | Jun 2025 | 10 |
+| 4.10.6 → 4.10.7 | Sep 2025 | 20 |
+| 4.10.7 → 4.10.8 | Dec 2025 | 18 |
+| 4.10.8 → 4.10.9 | Feb 2026 | 7 |
+| **Total** | | **104** |
+
+### 4.14.x LTS (7 patch releases, active)
+
+| Release | Date | Updated |
+|---------|------|---------|
+| 4.14.0 → 4.14.1 | Sep 2025 | 11 |
+| 4.14.1 → 4.14.2 | Oct 2025 | 20 |
+| 4.14.2 → 4.14.3 | Dec 2025 | 7 |
+| 4.14.3 → 4.14.4 | Jan 2026 | 8 |
+| 4.14.4 → 4.14.5 | Feb 2026 | 3 |
+| 4.14.5 → 4.14.6 | Apr 2026 | 30 |
+| 4.14.6 → 4.14.7 | Apr 2026 | 0 |
+| **Total** | | **79** |
+
+### 4.18.x LTS (2 patch releases, active)
+
+| Release | Date | Updated |
+|---------|------|---------|
+| 4.18.0 → 4.18.1 | Mar 2026 | 23 |
+| 4.18.1 → 4.18.2 | Apr 2026 | 8 |
+| **Total** | | **31** |
+
+### LTS totals
+
+Across all six LTS lines: **441 targeted dependency updates** in **38 patch
releases** — every single one reviewed and tested manually.
+
+These are not the broad sweeps of a minor release where everything gets
bumped. These are selective, risk-aware updates where the maintainers evaluate
each change: does this CVE affect Camel? Does this Spring Boot patch break
compatibility? Is this dependency bug worth the risk of updating on a stable
branch?
+
+## Why this matters
+
+Outdated dependencies are the most common source of security vulnerabilities
in Java projects. Every CVE in a transitive dependency is a potential exposure
for every user. When the Log4Shell vulnerability hit in December 2021, projects
that had fallen behind on dependency updates faced emergency scrambles.
Projects that kept current were patched within days.
+
+Camel's approach is systematic: dependencies are updated **every release
cycle**, not in occasional bulk upgrades. This means:
+
+- **Security patches land quickly.** When a dependency publishes a CVE fix, it
typically reaches the next Camel release — not months later.
+- **No big-bang upgrades.** Updating 120 dependencies every 6–8 weeks is
manageable. Updating 400 dependencies after a year of neglect is not.
+- **Compatibility stays tested.** Each incremental update gets the full test
suite — 22,000 test files across 350+ connectors.
+
+## The invisible maintenance tax
+
+These 2,890 updates — 2,449 on minor releases plus 441 hand-picked patches on
LTS branches — don't show up in release notes. They don't get conference talks.
They are the kind of work that only gets noticed when it stops happening — when
a downstream user runs a security scan and discovers they're three versions
behind on a library with a known CVE.
+
+For a framework that manages 500+ dependencies across 350+ connectors, keeping
the dependency tree current is a substantial, ongoing commitment. It is also
one of the most important things the Apache Camel community does.
+
+## The data is public
+
+All numbers in this post were computed by comparing the `parent/pom.xml`
across [git tags](https://github.com/apache/camel/tags) in the [Apache Camel
repository](https://github.com/apache/camel). The `parent/pom.xml` file
contains all managed dependency versions for the project — anyone can reproduce
these numbers with `git show <tag>:parent/pom.xml` and a diff.
