Generic JSON chain does not honor user-supplied content type.A regression was introduced in 10.5.3.0 where explicitly overridden content-type headers using the generic HTTP client could have a charset appended to them. This has now been fixed.

Vulnerable third-party CXF component used.

Apache Camel has been updated to 3.3.0 and Apache CXF has been updated to 3.3.6 to resolve vulnerabilities associated with the previous versions. Since this is a major update of these components, users with extensive use of the web services adapter may experience some differences in functionality.