First published: Tue Dec 14 2021(Updated: )
This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.<br>Security Fix(es):<br><li> log4j-core (CVE-2020-9488, CVE-2021-44228)</li> <li> nodejs-lodash (CVE-2019-10744)</li> <li> libthrift (CVE-2020-13949)</li> <li> xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351)</li> <li> undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690)</li> <li> xmlbeans (CVE-2021-23926)</li> <li> batik (CVE-2020-11987)</li> <li> xmlgraphics-commons (CVE-2020-11988)</li> <li> tomcat (CVE-2020-13943)</li> <li> bouncycastle (CVE-2020-15522, CVE-2020-15522)</li> <li> groovy (CVE-2020-17521)</li> <li> tomcat (CVE-2020-17527)</li> <li> jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428)</li> <li> jackson-dataformat-cbor (CVE-2020-28491)</li> <li> jboss-remoting (CVE-2020-35510)</li> <li> kubernetes-client (CVE-2021-20218)</li> <li> netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)</li> <li> spring-web (CVE-2021-22118)</li> <li> cxf-core (CVE-2021-22696)</li> <li> json-smart (CVE-2021-27568)</li> <li> jakarta.el (CVE-2021-28170)</li> <li> commons-io (CVE-2021-29425)</li> <li> sshd-core (CVE-2021-30129)</li> <li> cxf-rt-rs-json-basic (CVE-2021-30468)</li> <li> netty-codec (CVE-2021-37136, CVE-2021-37137)</li> <li> jsoup (CVE-2021-37714)</li> <li> poi (CVE-2019-12415)</li> <li> mysql-connector-java (CVE-2020-2875, CVE-2020-2934)</li> <li> wildfly (CVE-2021-3536)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software | Affected Version | How to fix |
---|
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.