-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Open Liberty 20.0.0.4 Runtime security update Advisory ID: RHSA-2020:1428-01 Product: Open Liberty Advisory URL: https://access.redhat.com/errata/RHSA-2020:1428 Issue date: 2020-04-13 ===================================================================== 1. Summary: Open Liberty 20.0.0.4 Runtime is now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 20.0.0.4 serves as a replacement for Open Liberty 20.0.0.3 and includes security fixes, bug fixes, and enhancements. For specific information about this release, see links in the References section. Security Fix(es): * WebSphere Application Server Liberty is vulnerable to Cross-site Scripting (CVE-2020-4303, CVE-2020-4304) For more details about the security issue(s), see the IBM Security Bulletin links for each CVE, listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. JIRA issues fixed (https://issues.jboss.org/): IBMRT-24 - Include Open Liberty 20.0.0.4 into Red Hat Runtimes 5. References: https://access.redhat.com/security/updates/classification/#moderate https://www.ibm.com/support/pages/node/6147195 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=open.liberty&version=20.0.0.4 https://access.redhat.com/documentation/en-us/open_liberty/2020/ 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXpSyAtzjgjWX9erEAQjH3g//Ya4x8qgxt1wW+wD///d0atLfeb/Gn+gL l8k3USLGMw0NHX/z36tHOw39/Zb9PCvF7SgL2nP4rQxxpWJbeGzAzrNbgXd25Ki5 hvvdW2zWoJn2LzpeyLTv81PEzmxJP4vuwn/JOfuYDi2XcSkCZbNxkmBAqhtPOi3l 4wlL4+dJArNXCxf2grvqlIommEoEl9uzgqQOwBuMW9I0nLSGoZh43LYDGuTit9uZ 3bzUUIwJmrY61BntmhJIccSqYdBhrb2okQrIDHz3Lc1cKdcH74ock8nV8PNwRVOV w2itfaHjXG2LmA2liRJOeP0xyonbl9resSohPZ5dnOqK2oGowJVtb0f01FMnNRf0 QKANqfXuiyGQXtr+EANKJMRO6iuWczoMGxRWcXUKcYF4VtOGhfSma5V4x87xQGkY XiifzmsojVUfsxxT8UG9hPWPUWYqQdeu2NMGKpQqDnlg21EERSYBl0qc40aPxrzL lEHQZAZmtGzH34oeZmOyT3a0japEyrwkH1TPNfwQ4Y0Fo4jC4pXVvbSgHouRK9Xg ziW6m/t/daJLIA8qXqgwtd9gq1fTvIifHXWNnnIgH1Nhb7UZowUWVOMXstuAsILk 4/bKw4DNraZ023VFAlyyyDYP3+aWdGqgQQDSheJ9IqzYavTgg3IXsVJ1JQ+R7nl+ aCAzTHBRBsU= =3Czo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce