AnnJoy23 opened a new issue, #1884: URL: https://github.com/apache/incubator-kie-issues/issues/1884
CVE fixes releases for Quarkus 3.15 LTS to address following CVEs: [CVE-2025-24970](https://nvd.nist.gov/vuln/detail/CVE-2025-24970) - Upstream Netty (only for 3.15) [CVE-2025-1247](https://nvd.nist.gov/vuln/detail/CVE-2025-1247) - Quarkus REST - Using field injection for request-scoped elements in REST resources not marked with the request scope could lead to concurrency issues. [CVE-2024-12225](https://nvd.nist.gov/vuln/detail/CVE-2024-12225) (embargo will be lifted soon) - WebAuthn - The callback endpoint was enabled by default. It now requires to be [explicitly configured](https://quarkus.io/version/3.15/guides/security-webauthn#configuration). [CVE-2025-1634](https://nvd.nist.gov/vuln/detail/CVE-2025-1634) (not published yet) - RESTEasy Classic - RESTEasy Classic endpoints may be affected by memory leaks. If you are exposing REST endpoints publicly using the quarkus-resteasy extension, the update is highly recommended. Quarkus REST is NOT affected by this CVE. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
