(RHSA-2024:4028) Moderate: Release of OpenShift Serverless 1.33.0 security update & enhancements

Version 1.33.0 of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.12, 4.13, 4.14, 4.15 and 4.16

This release includes security, bug fixes, and enhancements.

Security Fix(es):

• golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
• golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
• quarkus-core: Leak of local configuration properties into Quarkus applications (CVE-2024-2700)
• netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025)
• golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
• golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
• golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
• jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issues, including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE pages listed in the References section.