Red Hat JBoss Enterprise Application Platform CD16 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform CD16 includes bug fixes and enhancements.
Security Fix(es):
- jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
- jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
- jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
- jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
- jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
- jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
- jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.