This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238)
californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222)
undertow: special character in query results in server errors (CVE-2020-27782)
activemq: improper authentication allows MITM attack (CVE-2020-13920)
flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518)
groovy: OS temporary directory leads to information disclosure (CVE-2020-17521)
kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218)
kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.