{
  "repository": "github.com/apache/camel",
  "maven_artifact": "org.apache.camel:camel-platform-http-main",
  "commit_source": "release_tag_resolution",
  "commit_sha": "699d9363ab93c54a255afdf97077ee35c3709cd2",
  "submitted_target": {
    "target_kind": "release_tag",
    "commit_sha": "cf4dbbcb1c88dbecaa14f3d74d66490aa71f777f",
    "version": "4.14.5",
    "ref": "camel-4.14.5",
    "display": "org.apache.camel:camel-platform-http-main:4.14.5 (camel-4.14.5) -- vulnerable / parent claim target",
    "tag_object_sha": "ebcf87a500cd1e872edb3eb36a0f910a857ab83a"
  },
  "variant_target": {
    "target_kind": "release_tag",
    "commit_sha": "699d9363ab93c54a255afdf97077ee35c3709cd2",
    "version": "4.14.6",
    "ref": "camel-4.14.6",
    "display": "org.apache.camel:camel-platform-http-main:4.14.6 (camel-4.14.6) -- PATCHED, bypass confirmed on this build",
    "tag_object_sha": "dac52cbe7f2be90d4da9003f1d417f552b5441cb"
  },
  "fix_commit": {
    "sha": "a9ebee94af976ac2afd7906d2e76673067d8be86",
    "message": "chore: default authentication path to /* in platform-http-main",
    "date": "2026-04-08T08:37:44Z",
    "files": [
      "components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/MainAuthenticationConfigurer.java",
      "components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/BasicAuthenticationConfigurer.java",
      "components/camel-platform-http-main/src/main/java/org/apache/camel/component/platform/http/main/authentication/JWTAuthenticationConfigurer.java"
    ]
  },
  "tested_artifact_resolution": {
    "method": "Maven Central release jars resolved from repo1.maven.org; source jars (camel-platform-http-main-4.14.5/4.14.6-sources.jar, camel-platform-http-vertx-4.14.6-sources.jar, camel-main-4.14.5/4.14.6-sources.jar) extracted and diffed to confirm the fix; release tags resolved to git commits via the GitHub git refs/tags API (api.github.com/repos/apache/camel/git/ref/tags/camel-4.14.6 -> annotated tag object -> commit 699d9363...).",
    "runtime_artifacts_used": [
      "org.apache.camel:camel-platform-http-main:4.14.5",
      "org.apache.camel:camel-platform-http-main:4.14.6",
      "org.apache.camel:camel-platform-http-vertx:4.14.5",
      "org.apache.camel:camel-platform-http-vertx:4.14.6",
      "org.apache.camel:camel-management:4.14.5",
      "org.apache.camel:camel-management:4.14.6",
      "org.apache.camel:camel-console:4.14.5",
      "org.apache.camel:camel-console:4.14.6"
    ]
  },
  "notes": "The tested target is the patched Maven release 4.14.6 (camel-4.14.6 -> commit 699d9363ab93c54a255afdf97077ee35c3709cd2). The bypass was reproduced at runtime against the actual 4.14.6 jars (not source). camel-4.18.2 and camel-4.20.0 carry the same fix commit and are expected to behave identically."
}
