====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 security update
Advisory ID:       RHSA-2023:4200-01
Product:           Red Hat build of OptaPlanner
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4200
Issue date:        2023-07-18
CVE Names:         CVE-2023-20883 
====================================================================
1. Summary:

Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 release and security
update is now available. The purpose of this text-only errata is to inform
you about the security issues fixed.

Red Hat Product Security has rated this update as having an impact of
Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

2. Description:

A new release for Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8
including security updates is now available. The purpose of this text-only
errata is to inform you about the security issues fixed.
Red Hat Product Security has rated this update as having an impact of
Important.

A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

 Security Fix(es):

  * CVE-2023-20883 spring-boot: Spring Boot Welcome Page DoS Vulnerability

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2209342 - CVE-2023-20883 spring-boot: Spring Boot Welcome Page DoS Vulnerability

5. JIRA issues fixed (https://issues.redhat.com/):

RHBOP-42 - Remove javadoc references on upstream BOM
RHBOP-49 - Include sources for antlr-runtime.jar to maven-repo.zip
RHBOP-50 - Include sources for jfreechart.jar to maven-repo.zip
RHBOP-52 - [PLANNER-2899] Nearby selection for list variable

6. References:

https://access.redhat.com/security/cve/CVE-2023-20883
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
