Lucene search

K
redhatRedHatRHSA-2022:5532
HistoryJul 07, 2022 - 2:16 p.m.

(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update

2022-07-0714:16:35
access.redhat.com
119

0.922 High

EPSS

Percentile

99.0%

This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.

Security Fix(es):

  • fastjson (CVE-2022-25845)

  • jackson-databind (CVE-2020-36518)

  • mysql-connector-java (CVE-2021-2471, CVE-2022-21363)

  • undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)

  • wildfly-elytron (CVE-2021-3642)

  • nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807)

  • 3 qt (CVE-2021-3859)

  • kubernetes-client (CVE-2021-4178)

  • spring-security (CVE-2021-22119)

  • protobuf-java (CVE-2021-22569)

  • google-oauth-client (CVE-2021-22573)

  • XStream (CVE-2021-29505, CVE-2021-43859)

  • jdom (CVE-2021-33813, CVE-2021-33813)

  • apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)

  • Kafka (CVE-2021-38153)

  • xml-security (CVE-2021-40690)

  • logback (CVE-2021-42550)

  • netty (CVE-2021-43797)

  • xnio (CVE-2022-0084)

  • jdbc-postgresql (CVE-2022-21724)

  • spring-expression (CVE-2022-22950)

  • springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096, CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)

  • h2 (CVE-2022-23221)

  • junrar (CVE-2022-23596)

  • artemis-commons (CVE-2022-23913)

  • elasticsearch (CVE-2020-7020)

  • tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122, CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340, CVE-2022-23181)

  • junit4 (CVE-2020-15250)

  • wildfly-core (CVE-2020-25689, CVE-2021-3644)

  • kotlin (CVE-2020-29582)

  • karaf (CVE-2021-41766, CVE-2022-22932)

  • Spring Framework (CVE-2022-22968)

  • metadata-extractor (CVE-2022-24614)

  • poi-scratchpad (CVE-2022-26336)

  • postgresql-jdbc (CVE-2022-26520)

  • tika-core (CVE-2022-30126)

For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.