Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of Red Hat support for Spring Boot 2.7.13 serves as a replacement for Red Hat support for Spring Boot 2.7.12, and includes security fixes, bug fixes, and enhancements. For more information, see the release notes linked in the References section.
Security Fix(es):
snakeyaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
undertow: Infinite loop in SslConduit during close (CVE-2023-1108)
springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
reactor-netty-http: Log request headers in some cases of invalid HTTP requests (CVE-2022-31684)
tomcat: JsonErrorReportValve injection (CVE-2022-45143)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.