(RHSA-2021:2039) Moderate: Service Registry (container images) release and security update [1.1.1.GA]

2021-05-19T11:40:35
ID RHSA-2021:2039
Type redhat
Reporter RedHat
Modified 2021-05-19T11:44:30

Description

This release of Red Hat Integration - Service Registry 1.1.1.GA serves as a replacement for 1.1.0.GA and includes the security fixes listed below.

Security Fix(es):

  • hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)

  • jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)

  • golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.