(RHSA-2021:2039) Moderate: Service Registry (container images) release and security update [1.1.1.GA]

ID RHSA-2021:2039
Type redhat
Reporter RedHat
Modified 2021-05-19T11:44:30


This release of Red Hat Integration - Service registry 1.1.1.GA serves as a replacement for 1.1.0.GA, and includes the below security fixes.

Security Fix(es):

  • hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)

  • jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)

  • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.