This release of Red Hat Integration - Service Registry 2.5.11 GA includes the following security fixes.
Security Fix(es):
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file [rhint-serv-2] (CVE-2024-25710)
vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx [rhint-serv-2] (CVE-2024-1023)
vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support [rhint-serv-2] (CVE-2024-1300)
commons-compress: OutOfMemoryError unpacking broken Pack200 file [rhint-serv-2] (CVE-2024-26308)
netty-codec-http: Allocation of Resources Without Limits or Throttling [rhint-serv-2] (CVE-2024-29025)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.