Red Hat Fuse 7.13.0 has been released. It includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.

Security Fix(es):

* undertow: OutOfMemoryError due to @MultipartConfig handling (CVE-2023-3223)
* jetty-servlets: jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)
* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* jetty-https: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)
* JSON-java: parser confusion leads to OOM (CVE-2023-5072)
* http2-hpack: jetty: hpack header values cause denial of service in http/2 (CVE-2023-36478)
* spring-boot: org.springframework.boot:spring-boot-actuator class vulnerable to denial of service (CVE-2023-34055)
* tomcat: HTTP request smuggling via malformed trailer headers (CVE-2023-46589)
* activemq: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE (CVE-2022-41678)
* logback: serialization vulnerability in logback receiver (CVE-2023-6378)
* logback: A serialization vulnerability in logback receiver (CVE-2023-6481)
* solr: Apache Solr: Host environment variables are published via the Metrics API (CVE-2023-50290)
* shiro: path traversal attack may lead to authentication bypass (CVE-2023-46749)
* tomcat: Leaking of unrelated request bodies in…
References