Documentation

Karaf Runtime

4.x series

[ online | html | pdf ]

Latest update

3.x series

[ online | html | pdf ]

Latest update
Karaf Cellar

4.x series

[ online | html | pdf ]

Latest update

3.x series

[ online | html | pdf ]

Latest update
Karaf Decanter

2.x series

[ online | html | pdf ]

Latest update

1.x series

[ online | html | pdf ]

Latest update

Examples

You are looking for some examples to learn how to implement bundle for Apache Karaf ? There is some usefull examples include in the source code, you can also browse and view documentation on the github of the projet.
If you are looking for examples that are missing here or you want to share your example with the community, please contact us on the mailing list and we will add it with pleasure.

Name Description Github
Blueprint using services with XML or annotations.
Branding branding the look'n feel of the shell console for your own Karaf distribution.
Bundle the bundle is the core deployment unit when using OSGi.
Camel this example shows how to use Apache Camel in Karaf. Apache Camel is a integration framework, allowing you to integrate several systems and applications all together.
CDI this example shows how to use CDI in Karaf, with annotations (Inject, etc).
Shell Command creating a shell command.
Configuration this example shows how to use configuration in your application, introducing different approach.
Deployer creating a Karaf deployer service on the deploy folder.
Docker this example shows how to easily create Docker image with Karaf and your applications. It shows two kinds of packages: static or dynamic.
Dump creating a dump provider service.
HTTP resource creating a very simple bundle that just register an empty resource service.
Integration test creating integration tests in addition of unit tests for your bundles.
JAAS using the Karaf Security service in different way.
JDBC using simple JDBC implementation with Pax-JDBC and an Apache Derby embedded database.
JMS using a JMS ConnectionFactory service in code that you can implement to interact with JMS.
JPA using JPA with entity manager for the persistence implementation.
Pax Logging Appender registering a custom Pax Logging appender.
Maven using the Karaf Maven plugin with goals like assembly, client, deploy, kar, run...
MBean registering a JMX MBean in the Apache Karaf MBeanServer
Profile creating several profiles (in a registry) and use these profiles to create custom distributions.
Redis using a Redis server (pub/sub, or key/value store) within Karaf.
REST using JAX-RS to implement a REST service.
Scheduler creating a runnable service periodically executed by the Apache Karaf scheduler.
Service Component Runtime using services with annotations with the OSGi compendium specification.
Servlet registering a servlet in the Karaf HTTP Service with different approaches.
SOAP using JAX-WS to implement a SOAP service.
URL Namespace Handler creating a new URL namespace handler and use it in all Apache Karaf parts.
War creating a regular war to be deployed in Apache Karaf.
Websocket this example shows how to register a websocket in the Karaf HTTP Service.
GraphQL this example shows how to use GraphQL in the context of a HTTP servlet, websocket and commands in Apache Karaf.

Security Advisories

CVE-2014-0219 : Apache Karaf enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.

Notes »

CVE-2016-8750 : Apache Karaf's LDAPLoginModule is vulnerable to LDAP injection.

Notes »

CVE-2018-11786 : Enforce SSH permission based on RBAC.

Notes »

CVE-2018-11787 : Unsecure access to Gogo shell in the webconsole.

Notes »

CVE-2018-11788 : XXE vulnerability found on Apache Karaf.

Notes »

CVE-2019-0191: Zip-slip vulnerability in KAR deployer.

Notes »

CVE-2019-0226: Arbitrary file write vulnerability in Config service.

Notes »

CVE-2020-11980: A remote client could create MBeans from arbitrary URLs.

Notes »

CVE-2021-41766: Insecure Java Deserialization.

Notes »

CVE-2022-22932: Path traversal flaws

Notes »

CVE-2022-40145: JDBC JAAS LDAP injection

Notes »

CVE-2024-34365: Cave SSRF and arbitrary file access

Notes »

Articles