Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of Red Hat support for Spring Boot 2.7.2 serves as a replacement for Red Hat support for Spring Boot 2.5.12, and includes security fixes, bug fixes and enhancements. For more information, see the release notes listed in the References section.
Security Fix(es):
reactor-netty: specific redirect configuration allows for a credentials leak (CVE-2020-5404)
kubernetes-client: Insecure deserialization in unmarshalYaml method (CVE-2021-4178)
protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)
undertow: potential security issue in flow control over HTTP/2 may lead to DoS (incomplete fix for CVE-2021-3629) (CVE-2022-1259)
undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.