RHSA-2020:2367: Important: Red Hat support for Spring Boot 2.1.13 security and bug fix update
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.This release of Red Hat support for Spring Boot 2.1.13 serves as a replacement for Red Hat support for Spring Boot 2.1.12, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section.Security Fix(es): undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888) undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745) tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938) tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:2367?
The severity of RHSA-2020:2367 is classified as moderate.
How do I fix RHSA-2020:2367?
To fix RHSA-2020:2367, upgrade to the latest supported version of Red Hat Spring Boot as recommended in the advisory.
What systems are affected by RHSA-2020:2367?
RHSA-2020:2367 affects systems that utilize Red Hat supported Spring Boot 2.1.13.
Is there a workaround for RHSA-2020:2367?
There are no specific workarounds recommended for RHSA-2020:2367, other than applying the available patches.
Where can I find more information about RHSA-2020:2367?
More information about RHSA-2020:2367 can be found in the Red Hat errata documents and relevant Bugzilla entries.