Red Hat RHSA-2024:4023
Jun 20, 2024 - 12:35 p.m.

(RHSA-2024:4023) Important: Release of openshift-serverless-clients kn 1.33.0 security update & enhancements

2024-06-20 12:35:18
access.redhat.com
red hat openshift serverless
kn cli
rpm package
golang
security fix
bug fixes
enhancements
cve page
rapid reset flaw

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7.1
Confidence: Low

Red Hat OpenShift Serverless Client kn 1.33.0 provides a CLI to interact with
Red Hat OpenShift Serverless 1.33.0. The kn CLI is delivered as an RPM package
for installation on RHEL platforms, and as binaries for non-Linux platforms.

This release includes security fixes, bug fixes, and enhancements.

Security Fix(es):

  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
  • golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
  • golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
  • golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
  • golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
  • golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

A Red Hat Security Bulletin, which addresses further details about the Rapid
Reset flaw, is available in the References section.

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
