This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
hawtio-osgi (CVE-2017-5645)
prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)
apache-commons-compress (CVE-2019-12402)
karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)
tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)
spring-cloud-config-server (CVE-2020-5410)
velocity (CVE-2020-13936)
httpclient: apache-httpclient (CVE-2020-13956)
shiro-core: shiro (CVE-2020-17510)
hibernate-core (CVE-2020-25638)
wildfly-openssl (CVE-2020-25644)
jetty (CVE-2020-27216, CVE-2021-28165)
bouncycastle (CVE-2020-28052)
wildfly (CVE-2019-14887, CVE-2020-25640)
resteasy-jaxrs: resteasy (CVE-2020-1695)
camel-olingo4 (CVE-2020-1925)
springframework (CVE-2020-5421)
jsf-impl: Mojarra (CVE-2020-6950)
resteasy (CVE-2020-10688)
hibernate-validator (CVE-2020-10693)
wildfly-elytron (CVE-2020-10714)
undertow (CVE-2020-10719)
activemq (CVE-2020-13920)
cxf-core: cxf (CVE-2020-13954)
fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)
jboss-ejb-client: wildfly (CVE-2020-14297)
xercesimpl: wildfly (CVE-2020-14338)
xnio (CVE-2020-14340)
flink: apache-flink (CVE-2020-17518)
resteasy-client (CVE-2020-25633)
xstream (CVE-2020-26258)
mybatis (CVE-2020-26945)
pdfbox (CVE-2021-27807, CVE-2021-27906)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.