Red Hat build of Apache Camel 4.4.0 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
xnio: StackOverflowException when the chain of notifier states becomes problematically big (CVE-2023-5685)
tomcat: Leaking of unrelated request bodies in default error page (CVE-2024-21733)
guava: insecure temporary directory creation (CVE-2023-2976)
jackson-databind: denial of service via cyclic dependencies (CVE-2023-35116)
json-path: stack-based buffer overflow in Criteria.parse method (CVE-2023-51074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.