Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.2.0 serves as a replacement for Red Hat AMQ Streams 2.1.0, and includes security and bug fixes, and enhancements.
Security Fix(es):
kafka: Unauthenticated clients may cause OutOfMemoryError on brokers (CVE-2022-34917)
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
netty: world readable temporary file containing sensitive data (CVE-2022-24823)
com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.