Red Hat build of Apache Camel 4.4.3 for Spring Boot release and security update is now available.

The purpose of this text-only errata is to inform you about the security issues fixed.

Security Fix(es):

* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) (CVE-2024-47561)
* com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service (CVE-2023-52428)
* org.springframework/spring-webmvc: Path Traversal Vulnerability in Spring Applications Using RouterFunctions and FileSystemResource (CVE-2024-38816)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu2016may: XXE vulnerability in XSLT transforms in org.hl7.fhir.core (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.dstu3: XXE vulnerability in XSLT transforms in org.hl7.fhir.core (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r4: XXE vulnerability in XSLT transforms in org.hl7.fhir.core (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.r5: XXE vulnerability in XSLT transforms in org.hl7.fhir.core (CVE-2024-45294)
* ca.uhn.hapi.fhir/org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in org.hl7.fhir.core (CVE-2024-45294)
* org.springframework/spring-web: Spring Framework DoS via conditional HTTP request (CVE-2024-38809)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References…