Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 2.5.2 serves as a replacement for Red Hat AMQ Streams 2.5.1, and includes security and bug fixes, and enhancements.

Security Fix(es):

* Scala: sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, IO.unzip allows writing of an arbitrary file. This would have the potential to overwrite /root/.ssh/authorized_keys. Within sbt's main code, IO.unzip is used in the pullRemoteCache task and Resolvers.remote; however, many projects use IO.unzip(…) directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. (CVE-2023-46122)

* ZooKeeper: Information disclosure in persistent watcher handling. Users are recommended to upgrade to version 3.9.2 or 3.8.4, which fixes the issue. (CVE-2024-23944)

* ZooKeeper: Authorization Bypass in Apache ZooKeeper amq-st-2

* Snappy: A flaw was found in SnappyInputStream in snappy-java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service (DoS). (CVE-2023-43642)

* Kafka: snappy-java: Unchecked chunk length leads to DoS amq-st-2, (CVE-2024-27309), (CVE-2024-31141)

* Strimzi Operators: vertx-core: io.vertx:vertx-core: memory leak…
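The sbt issue above is a zip path-traversal bug: an archive entry whose name contains ".." or is absolute makes a naive extractor write outside the intended directory. The following is an added illustration of the check an extractor needs, written in Python rather than taken from sbt's Scala IO.unzip; the archive, the entry names and the function names are all constructed for this example.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

def build_sample_zip() -> bytes:
    """Constructed archive: one benign entry plus one that climbs above the root."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/build.properties", "sbt.version=1.9.7\n")
        zf.writestr("../escaped.txt", "must never be written\n")
    return buf.getvalue()

def is_safe_entry(root: Path, name: str) -> bool:
    """True only if the entry resolves to a location inside `root`: reject absolute
    names and any '..' component, then re-check the resolved path for symlinks."""
    posix = PurePosixPath(name)  # zip entry names use '/' separators
    if posix.is_absolute() or ".." in posix.parts:
        return False
    root_resolved = root.resolve()
    target = (root_resolved / posix).resolve()
    return target == root_resolved or root_resolved in target.parents

def safe_unzip(data: bytes, dest: Path) -> tuple[list[str], list[str]]:
    """Extract entries under `dest`, skipping any that would escape it.
    Returns (written, rejected) entry names."""
    written, rejected = [], []
    dest.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_safe_entry(dest, info.filename):
                rejected.append(info.filename)
                continue
            target = dest / PurePosixPath(info.filename)
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written, rejected

def demo() -> tuple[list[str], list[str], bool]:
    """Extract the sample into a temp dir and report whether anything leaked outside."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "out"
        written, rejected = safe_unzip(build_sample_zip(), out)
        leaked = (Path(tmp) / "escaped.txt").exists()
    return written, rejected, leaked
```

Running demo() writes only project/build.properties under the extraction root and reports the traversal entry as rejected.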