
Apache Patches Two Vulnerabilities in Apache Camel
About three weeks ago, Apache patched two vulnerabilities in Apache Camel. The vulnerabilities, CVE-2025-27636 and CVE-2025-29891, can lead to remote code execution, but not in the default configuration. Both stem from Apache Camel using case-sensitive filters to restrict which headers can be used. HTTP header names, however, are not case-sensitive, so an attacker can easily bypass the filter.
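
The mismatch described above, as an added example (not Apache Camel's code): a case-sensitive prefix filter beside a case-insensitive one, run over constructed request headers and followed by the case-insensitive lookup a downstream consumer would do. The `Internal-` prefix and all class and method names are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.TreeMap;
import java.util.function.Predicate;

public class HeaderFilterDemo {
    // Hypothetical reserved prefix: headers starting with it must never
    // be accepted from a client.
    static final String RESERVED_PREFIX = "Internal-";

    // Weak form: case-sensitive match, so "INTERNAL-Command" is not recognised.
    static boolean blockedCaseSensitive(String name) {
        return name.startsWith(RESERVED_PREFIX);
    }

    // Hardened form: compare ignoring case. regionMatches does not depend on
    // the JVM default locale, unlike toLowerCase() without an explicit Locale.
    static boolean blockedCaseInsensitive(String name) {
        return name.regionMatches(true, 0, RESERVED_PREFIX, 0, RESERVED_PREFIX.length());
    }

    // Copy only the headers the given filter lets through. The result map is
    // case-insensitive, like a typical HTTP header lookup downstream.
    static Map<String, String> accept(Map<String, String> in, Predicate<String> blocked) {
        Map<String, String> out = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        in.forEach((k, v) -> { if (!blocked.test(k)) out.put(k, v); });
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample request headers.
        Map<String, String> request = new LinkedHashMap<>();
        request.put("Content-Type", "text/plain");
        request.put("INTERNAL-Command", "client-supplied");

        Map<String, String> weak = accept(request, HeaderFilterDemo::blockedCaseSensitive);
        Map<String, String> hard = accept(request, HeaderFilterDemo::blockedCaseInsensitive);

        // Downstream code looks the header up by its canonical spelling.
        System.out.println("case-sensitive filter:   " + weak.get("Internal-Command"));
        System.out.println("case-insensitive filter: " + hard.get("Internal-Command"));
    }
}
```

A filter is only as strict as the least strict component that reads the headers after it, so the comparison in the filter has to use the same case rules as every later lookup.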