(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update

This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

• hawtio-osgi (CVE-2017-5645)

• prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)

• apache-commons-compress (CVE-2019-12402)

• karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)

• tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)

• spring-cloud-config-server (CVE-2020-5410)

• velocity (CVE-2020-13936)

• httpclient: apache-httpclient (CVE-2020-13956)

• shiro-core: shiro (CVE-2020-17510)

• hibernate-core (CVE-2020-25638)

• wildfly-openssl (CVE-2020-25644)

• jetty (CVE-2020-27216, CVE-2021-28165)

• bouncycastle (CVE-2020-28052)

• wildfly (CVE-2019-14887, CVE-2020-25640)

• resteasy-jaxrs: resteasy (CVE-2020-1695)

• camel-olingo4 (CVE-2020-1925)

• springframework (CVE-2020-5421)

• jsf-impl: Mojarra (CVE-2020-6950)

• resteasy (CVE-2020-10688)

• hibernate-validator (CVE-2020-10693)

• wildfly-elytron (CVE-2020-10714)

• undertow (CVE-2020-10719)

• activemq (CVE-2020-13920)

• cxf-core: cxf (CVE-2020-13954)

• fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)

• jboss-ejb-client: wildfly (CVE-2020-14297)

• xercesimpl: wildfly (CVE-2020-14338)

• xnio (CVE-2020-14340)

• flink: apache-flink (CVE-2020-17518)

• resteasy-client (CVE-2020-25633)

• xstream (CVE-2020-26258)

• mybatis (CVE-2020-26945)

• pdfbox (CVE-2021-27807, CVE-2021-27906)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.