Details:
This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References.
Security Fix(es):
fastjson (CVE-2022-25845)
jackson-databind (CVE-2020-36518)
mysql-connector-java (CVE-2021-2471, CVE-2022-21363)
undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)
wildfly-elytron (CVE-2021-3642)
nodejs-ansi-regex (CVE-2021-3807)
3 qt (CVE-2021-3859)
kubernetes-client (CVE-2021-4178)
spring-security (CVE-2021-22119)
protobuf-java (CVE-2021-22569)
google-oauth-client (CVE-2021-22573)
XStream (CVE-2021-29505, CVE-2021-43859)
jdom (CVE-2021-33813)
apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090)
Kafka (CVE-2021-38153)
xml-security (CVE-2021-40690)
logback (CVE-2021-42550)
netty (CVE-2021-43797)
xnio (CVE-2022-0084)
jdbc-postgresql (CVE-2022-21724)
spring-expression (CVE-2022-22950)
springframework (CVE-2021-22096, CVE-2021-22060, CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)
h2 (CVE-2022-23221)
junrar (CVE-2022-23596)
artemis-commons (CVE-2022-23913)
elasticsearch (CVE-2020-7020)
tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122, CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340, CVE-2022-23181)
junit4 (CVE-2020-15250)
wildfly-core (CVE-2020-25689, CVE-2021-3644)
kotlin (CVE-2020-29582)
karaf (CVE-2021-41766, CVE-2022-22932)
Spring Framework (CVE-2022-22968)
metadata-extractor (CVE-2022-24614)
poi-scratchpad (CVE-2022-26336)
postgresql-jdbc (CVE-2022-26520)
tika-core (CVE-2022-30126)
For more details about the security issues, including the impact, CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVSS score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Exploitability: AV:N, AC:L, PR:N, UI:N
Scope: S:U
Impact: C:H, I:H, A:H