(RHSA-2018:2938) Moderate: Red Hat OpenShift Application Runtimes Thorntail 2.2.0 security & bug fix update

ID RHSA-2018:2938
Type redhat
Reporter RedHat
Modified 2018-10-17T17:03:05


Red Hat OpenShift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.

This release of RHOAR Thorntail 2.2.0 serves as a replacement for RHOAR WildFly Swarm 7.1.0, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

  • undertow: Path traversal in ServletResourceManager class (CVE-2018-1047)

  • jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.