RHSA-2021:3205: Moderate: Red Hat Integration Camel-K 1.4 release and security update

A minor version update (from 1.3 to 1.4) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es): cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238) californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222) undertow: special character in query results in server errors (CVE-2020-27782) bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052) activemq: improper authentication allows MITM attack (CVE-2020-13920) flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518) groovy: OS temporary directory leads to information disclosure (CVE-2020-17521) kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218) pdfbox: infinite loop while loading a crafted PDF file (CVE-2021-27807) cxf-rt-rs-json-basic: CXF: Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter (CVE-2021-30468) kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582) pdfbox: OutOfMemory-Exception while loading a crafted PDF file (CVE-2021-27906) pdfbox: OutOfMemory-Exception while loading a crafted PDF file (CVE-2021-31811) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.