Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 7. Fixed Issues in Fuse 7.13
The following sections list the issues that have been fixed in Fuse 7.13:
7.1. Bugs resolved in Fuse 7.13
The following tables list the resolved bugs in Fuse 7.13.
| Issue | Description |
|---|---|
| Fuse 7.12 blueprint properties not getting resolved | |
| infinispan-hibernate-cache-commons is not defined in fuse 7.12.1 bom | |
| Transaction rollback set in <doCatch> block does not work if "handled true" is set in the onException block | |
| Backport CAMEL-13092 for camel 2.x | |
| CAMEL-11750 was not completely implemented in Fuse | |
| Exception during Karaf start: java.lang.IllegalStateException: Resource has no uri | |
| Camel-openapi-java RestModelConverters.processSchema() ignores Swagger @Schema annotations | |
| camel-http4 HttpComponent logs a raw password unsafe characters | |
| NullPointerException when logging is at WARN level | |
| CamelBatchComplete is always true for PollEnrich File component | |
| Karaf won’t start when using JDK 11.0.20 | |
| Fuse on Openshift image uses very old jmx_prometheus_javaagent.jar | |
| camel-http4 with toD does not work on Karaf | |
| [JDG-4351][JBMAR-235] camel-infinispan requires jboss-marshalling update from 2.0.9.Final to 2.0.11.Final onwards | |
| Improve logging of JSch library | |
| Getting error "The dependencies of some of the beans in the application context form a cycle" | |
| New Fuse Console deployments don’t work after yearly "openshift-service-serving-signer" certificate rotation | |
| Build fails with "-Dorg.slf4j.simpleLogger.defaultLogLevel=trace" option | |
| CVE-2024-22201 jetty: stop accepting new connections from valid clients [fuse-7] | |
| CVE-2024-22243 springframework: URL Parsing with Host Validation [fuse-7] | |
| CVE-2024-21733 tomcat: Leaking of unrelated request bodies in default error page [fuse-7] | |
| CVE-2023-46749 shiro: path traversal attack may lead to authentication bypass [fuse-7] | |
| CVE-2023-50290 solr: : Apache Solr: Host environment variables are published via the Metrics API [fuse-7] | |
| CVE-2023-6481 logback: A serialization vulnerability in logback receiver [fuse-7] | |
| CVE-2023-6378 logback: serialization vulnerability in logback receiver [fuse-7] | |
| CVE-2022-41678 activemq: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE [fuse-7] | |
| CVE-2023-46589 tomcat: HTTP request smuggling via malformed trailer headers [fuse-7] | |
| CVE-2023-34055 spring-boot: org.springframework.boot:spring-boot-actuator class vulnerable to denial of service [fuse-7] | |
| CVE-2023-33202 bcpkix: bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class [fuse-7] | |
| CVE-2023-5072 JSON-java: parser confusion leads to OOM [fuse-7] | |
| CVE-2024-22257 spring-security: Broken Access Control With Direct Use of AuthenticatedVoter [fuse-7] | |
| CVE-2024-22259 springframework: URL Parsing with Host Validation [fuse-7] | |
| CVE-2024-28752 cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding [fuse-7] | |
| CVE-2023-36478 http2-hpack: jetty: hpack header values cause denial of service in http/2 [fuse-7] | |
| CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK [fuse-7] | |
| CVE-2024-30171 org.bouncycastle-bcprov-jdk18on: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) [fuse-7] | |
| CVE-2023-3223 undertow: OutOfMemoryError due to @MultipartConfig handling [fuse-7] | |
| CVE-2023-40167 jetty-http: jetty: Improper validation of HTTP/1 content-length [fuse-7] | |
| CVE-2023-36479 jetty-servlets: jetty: Improper addition of quotation marks to user inputs in CgiServlet [fuse-7] |
