[setup] ROOT=/data/pruva/runs/4444e238-1345-44a8-a279-5f23cf194a14/bundle [setup] HARNESS=/data/pruva/runs/4444e238-1345-44a8-a279-5f23cf194a14/bundle/vuln_variant/harness_output_header [setup] Java: openjdk version "17.0.19" 2026-04-21 [setup] Maven: Apache Maven 3.9.12 [attempt] starting vulnerable_4.18.2 version=4.18.2 port=19182 [attempt] vulnerable_4.18.2 http=500 invoked=true escaped_marker=true control_http=200 control_rejected=false marker=/data/pruva/runs/4444e238-1345-44a8-a279-5f23cf194a14/bundle/vuln_variant/attempt_vulnerable_4.18.2/escaped-output/DOCLING_OUTPUT_MARKER.txt [attempt] starting fixed_4.18.3 version=4.18.3 port=19183 [attempt] fixed_4.18.3 http=500 invoked=true escaped_marker=true control_http=500 control_rejected=true marker=/data/pruva/runs/4444e238-1345-44a8-a279-5f23cf194a14/bundle/vuln_variant/attempt_fixed_4.18.3/escaped-output/DOCLING_OUTPUT_MARKER.txt [attempt] starting latest_4.21.0 version=4.21.0 port=19210 [attempt] latest_4.21.0 http=500 invoked=true escaped_marker=true control_http=500 control_rejected=true marker=/data/pruva/runs/4444e238-1345-44a8-a279-5f23cf194a14/bundle/vuln_variant/attempt_latest_4.21.0/escaped-output/DOCLING_OUTPUT_MARKER.txt [result] BYPASS REPRODUCED: CamelDoclingOutputFilePath traversal reaches docling on fixed/latest version(s).