AMQ Streams 2.0.x Resolved Issues
Updated -
The AMQ Streams 2.0.1 release is now available for download from the Customer Portal and Red Hat Container Catalog. AMQ Streams 2.0.1 is a patch release for AMQ Streams 2.0.0. Note, AMQ Streams patches are cumulative and include fixes from previous patch releases as noted below.
The following issues have been resolved in the AMQ Streams 2.0.1 release:
| ID | Component | Summary |
|---|---|---|
| ENTMQST-3623 | CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method [amq-st-1] | |
| ENTMQST-3679 | CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer [amq-st-1] | |
| ENTMQST-3681 | CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender [amq-st-1] | |
| ENTMQST-3682 | CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink [amq-st-1] |
Comments