RHSA-2022:0223: Moderate: Red Hat Integration Camel-K 1.6.3 release and security update
A minor version update (from 1.6.2 to 1.6.3) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es): log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:0223?
The severity of RHSA-2022:0223 is classified as critical due to the risk of remote code execution via JDBC Appender.
How do I fix RHSA-2022:0223?
To fix RHSA-2022:0223, you must update Red Hat Camel K from version 1.6.2 to 1.6.3 or apply the recommended patches.
What affected software is impacted by RHSA-2022:0223?
RHSA-2022:0223 impacts Red Hat Camel K that utilizes log4j-core.
What are the main changes in RHSA-2022:0223?
The main changes in RHSA-2022:0223 include bug fixes and enhancements as documented in the release notes.
Is there a workaround for RHSA-2022:0223?
There is no recommended workaround for RHSA-2022:0223; updating to the fixed version is advised.