This release of Red Hat Fuse 7.10.0 serves as a replacement for Red Hat Fuse 7.9, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
log4j-core (CVE-2020-9488, CVE-2021-44228)
nodejs-lodash (CVE-2019-10744)
libthrift (CVE-2020-13949)
xstream (CVE-2020-26217, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351)
undertow (CVE-2020-27782, CVE-2021-3597, CVE-2021-3629, CVE-2021-3690)
xmlbeans (CVE-2021-23926)
batik (CVE-2020-11987)
xmlgraphics-commons (CVE-2020-11988)
tomcat (CVE-2020-13943)
bouncycastle (CVE-2020-15522, CVE-2020-15522)
groovy (CVE-2020-17521)
tomcat (CVE-2020-17527)
jetty (CVE-2020-27218, CVE-2020-27223, CVE-2021-28163, CVE-2021-28164, CVE-2021-28169, CVE-2021-34428)
jackson-dataformat-cbor (CVE-2020-28491)
jboss-remoting (CVE-2020-35510)
kubernetes-client (CVE-2021-20218)
netty (CVE-2021-21290, CVE-2021-21295, CVE-2021-21409)
spring-web (CVE-2021-22118)
cxf-core (CVE-2021-22696)
json-smart (CVE-2021-27568)
jakarta.el (CVE-2021-28170)
commons-io (CVE-2021-29425)
sshd-core (CVE-2021-30129)
cxf-rt-rs-json-basic (CVE-2021-30468)
netty-codec (CVE-2021-37136, CVE-2021-37137)
jsoup (CVE-2021-37714)
poi (CVE-2019-12415)
mysql-connector-java (CVE-2020-2875, CVE-2020-2934)
wildfly (CVE-2021-3536)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.