RHSA-2021:3207: Moderate: Red Hat Integration Camel Quarkus Tech-Preview 2 security update

This release of Red Hat Integration - Camel Quarkus - 1.8.1 tech-preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es): cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution (CVE-2020-26238) californium-core: DTLS - DoS vulnerability for certificate based handshakes (CVE-2020-27222) undertow: special character in query results in server errors (CVE-2020-27782) activemq: improper authentication allows MITM attack (CVE-2020-13920) flink: apache-flink: directory traversal attack allows remote file writing through the REST API (CVE-2020-17518) groovy: OS temporary directory leads to information disclosure (CVE-2020-17521) kubernetes-client: fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise (CVE-2021-20218) kotlin-scripting-jvm: kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure (CVE-2020-29582) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.