Red Hat Openshift Application Runtimes provides an application platform
that reduces the complexity of developing and operating applications
(monoliths and microservices) for OpenShift as a containerized platform.
The RHOAR Eclipse Vert.x 3.5.4 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.3, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.4 release, see the release notes in the References section.
Security Fix(es):
vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake (CVE-2018-12541)
vertx: API Validation XML Schemas do not forbid file system access (CVE-2018-12544)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.