RHSA-2022:1029: Important: Red Hat Integration Camel-K 1.6.4 release and security update

A micro version update (from 1.6.3 to 1.6.4) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.Security Fix(es): undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690) maven: Block repositories using http by default (CVE-2021-26291) cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407) bouncycastle: Timing issue within the EC math library (CVE-2020-15522) jetty: buffer not correctly recycled in Gzip Request inflation (CVE-2020-27218) RESTEasy: PathParam in RESTEasy can lead to a reflected XSS attack (CVE-2021-20293) XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349) jersey: Local information disclosure via system temporary directory (CVE-2021-28168) jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate (CVE-2021-28170) jdom: XXE allows attackers to cause a DoS via a crafted HTTP request (CVE-2021-33813) guava: local information disclosure via temporary directory created with unsafe permissions (CVE-2020-8908) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.