Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 545
Alerts This Week
Warning Icon 1 545

Rocky Linux 8 RLSA-2026-40841 maven Important Directory Traversal

rocky
Calendar Grey July 16, 2026
Scroller Rockylinux Esm H88
Critical maven security updates are available for Rocky Linux 8, addressing important vulnerabilities like directory traversal.
Important: maven:3.8 security update

Summary

An update is available for module.maven, module.apache-commons-lang3, apache-commons-io, slf4j, apache-commons-codec, jsr-305, module.cdi-api, plexus-containers, guava, httpcomponents-client, cdi-api, module.sisu, module.plexus-classworlds, plexus-interpolation, module.httpcomponents-core, module.apache-commons-io, atinject, google-guice, module.plexus-cipher, plexus-sec-dispatcher, module.guava, module.jsr-305, module.maven-shared-utils, jakarta-annotations, module.plexus-interpolation, plexus-classworlds, maven-wagon, apache-commons-cli, apache-commons-lang3, module.jansi, module.apache-commons-codec, module.plexus-containers, jansi, maven, module.plexus-utils, sisu, module.atinject, maven-shared-utils, module.google-guice, module.maven-resolver, module.apache-commons-cli, module.slf4j, httpcomponents-core, module.httpcomponents-client, maven-resolver, module.maven-wagon, plexus-cipher, plexus-utils, module.plexus-sec-dispatcher, module.jakarta-annotations. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list


RPMs

apache-commons-cli-0:1.5.0-5.module+el8.10.0+1811+d28a527b.noarch.rpm

apache-commons-cli-0:1.5.0-5.module+el8.10.0+1811+d28a527b.src.rpm

apache-commons-codec-0:1.15-8.module+el8.10.0+1811+d28a527b.noarch.rpm

apache-commons-codec-0:1.15-8.module+el8.10.0+1811+d28a527b.src.rpm

apache-commons-io-1:2.11.0-3.module+el8.10.0+1811+d28a527b.noarch.rpm

apache-commons-io-1:2.11.0-3.module+el8.10.0+1811+d28a527b.src.rpm

apache-commons-lang3-0:3.12.0-8.module+el8.10.0+1811+d28a527b.noarch.rpm

apache-commons-lang3-0:3.12.0-8.module+el8.10.0+1811+d28a527b.src.rpm

atinject-0:1.0.5-5.module+el8.10.0+1811+d28a527b.noarch.rpm

atinject-0:1.0.5-5.module+el8.10.0+1811+d28a527b.src.rpm

cdi-api-0:2.0.2-7.module+el8.10.0+1811+d28a527b.noarch.rpm

cdi-api-0:2.0.2-7.module+el8.10.0+1811+d28a527b.src.rpm

google-guice-0:4.2.3-10.module+el8.10.0+1811+d28a527b.noarch.rpm

google-guice-0:4.2.3-10.module+el8.10.0+1811+d28a527b.src.rpm

guava-0:31.0.1-5.module+el8.10.0+1811+d28a527b.noarch.rpm

Read the Full Advisory

References

No references

CVES

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67030

Severity
important

Name: RLSA-2026:40841
Affected Products: Rocky Linux 8

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2451409


Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.