This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new 416ddb5 CAMEL-15050: Templating components - Variable map to be
limited to body/headers
416ddb5 is described below
commit 416ddb55bb54dae1eaa1be0a83246d80afe0c5ad
Author: Claus Ibsen <claus.ib...@gmail.com>
AuthorDate: Tue May 12 09:37:36 2020 +0200
CAMEL-15050: Templating components - Variable map to be limited to
body/headers
---
.../modules/ROOT/pages/camel-3x-upgrade-guide.adoc | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide.adoc
b/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide.adoc
index 1612727..eb114bb 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3x-upgrade-guide.adoc
@@ -1176,3 +1176,16 @@ as they were not in use by Camel.
In relation to the dump model classes removal, in camel-karaf the following
commands were removed: `context-info`, `route-info`, `route-profile` and
`route-step`.
+
+== Upgrading Camel 3.3 to 3.4
+
+=== Template components
+
+The template components which allows access to the current `Exchange` and
`CamelContext` API
+from the context map available for templating has now been restricted to only
the message body and headers.
+
+This option can be enabled (`allowContextMapAll=true`) for full access to the
current Exchange and CamelContext.
+Doing so impose a potential security risk as this opens access to the full
power of CamelContext API.
+
+This applies to the following templating components: camel-freemarker,
camel-velocity, camel-mvel, camel-mustache,
+camel-string-template, camel-chunk, camel-robotframework.
