A micro version update (from 1.6.3 to 1.6.4) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)
* maven: Block repositories using http by default (CVE-2021-26291)
* cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
* bouncycastle: Timing issue within the EC math library (CVE-2020-15522)
* jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218)
* RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack (CVE-2021-20293)
* XStream: SSRF can be triggered when unmarshalling with XStream, allowing access to data streams from an arbitrary URL that references a resource on an intranet or the local host (CVE-2021-21349)
* jersey: Local information disclosure via system temporary directory (CVE-2021-28168)
* jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluated (CVE-2021-28170)
* jdom: XXE allows attackers to cause a DoS via a crafted HTTP request (CVE-2021-33813)
* guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVSS2
- Access Vector: Network
- Access Complexity: Low
- Authentication: Single
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
- Attack Complexity: Low
- Attack Vector: Network
- Availability Impact: None
- Confidentiality Impact: High
- Integrity Impact: High
- Privileges Required: None
- Scope: Unchanged
- User Interaction: None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N