https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Bug ID: 1857024 Summary: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team@redhat.com Reporter: jwon@redhat.com CC: aboyko@redhat.com, aileenc@redhat.com, akoufoud@redhat.com, alazarot@redhat.com, alee@redhat.com, almorale@redhat.com, anstephe@redhat.com, asoldano@redhat.com, atangrin@redhat.com, avibelli@redhat.com, bbaranow@redhat.com, bgeorges@redhat.com, bmaxwell@redhat.com, brian.stansberry@redhat.com, cdewolf@redhat.com, chazlett@redhat.com, cmoulliard@redhat.com, coolsvap@gmail.com, csutherl@redhat.com, darran.lofthouse@redhat.com, dbecker@redhat.com, dkreling@redhat.com, dosoudil@redhat.com, drieden@redhat.com, etirelli@redhat.com, ggaughan@redhat.com, gmalinko@redhat.com, gzaronik@redhat.com, hhorak@redhat.com, huwang@redhat.com, ibek@redhat.com, ikanello@redhat.com, ivan.afonichev@gmail.com, iweiss@redhat.com, janstey@redhat.com, java-sig-commits@lists.fedoraproject.org, jawilson@redhat.com, jbalunas@redhat.com, jclere@redhat.com, jjoyce@redhat.com, jochrist@redhat.com, jolee@redhat.com, jorton@redhat.com, jpallich@redhat.com, jperkins@redhat.com, jschatte@redhat.com, jschluet@redhat.com, jstastny@redhat.com, jwon@redhat.com, kbasil@redhat.com, krathod@redhat.com, krzysztof.daniel@gmail.com, kverlaen@redhat.com, kwills@redhat.com, lgao@redhat.com, lhh@redhat.com, lpeer@redhat.com, lthon@redhat.com, mbabacek@redhat.com, mburns@redhat.com, mizdebsk@redhat.com, mkolesni@redhat.com, mnovotny@redhat.com, msochure@redhat.com, msvehla@redhat.com, mszynkie@redhat.com, myarboro@redhat.com, nwallace@redhat.com, paradhya@redhat.com, pgallagh@redhat.com, pjindal@redhat.com, pmackay@redhat.com, psotirop@redhat.com, rguimara@redhat.com, rhcs-maint@redhat.com, rrajasek@redhat.com, rruss@redhat.com, rstancel@redhat.com, rsvoboda@redhat.com, rsynek@redhat.com, sclewis@redhat.com, scohen@redhat.com, sdaley@redhat.com, slinaber@redhat.com, smaestri@redhat.com, tom.jenkinson@redhat.com, vhalbert@redhat.com, weli@redhat.com Blocks: 1857013 Target Milestone: --- Classification: Other
A flaw was found in the Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
It affects the version of Apache Tomcat 10.0.0-M1 to 10.0.0-M6, Apache Tomcat 9.0.0.M1 to 9.0.36, Apache Tomcat 8.5.0 to 8.5.56, and Apache Tomcat 7.0.27 to 7.0.104.
Upstream commits:
Tomcat 10.0: https://github.com/apache/tomcat/commit/1c1c77b0efb667cea80b532440b44cea1dc4... Tomcat 9.0: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926... Tomcat 8.5: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc0... Tomcat 7.0: https://github.com/apache/tomcat/commit/f9f75c14678b68633f79030ddf4ff827f014..., https://github.com/apache/tomcat/commit/4c04982870d6e730c38e21e58fb653b7cf72...
Reference: http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4...
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #1 from Ted (Jong Seok) Won jwon@redhat.com --- External References:
http://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4... http://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7 http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37 http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57 http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #3 from Ted (Jong Seok) Won jwon@redhat.com --- This vulnerability is out of security support scope for the following product: * Red Hat JBoss Data Virtualization 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #4 from Ted (Jong Seok) Won jwon@redhat.com --- This vulnerability is out of security support scope for the following products: * Red Hat Enterprise Application Platform 6 * Red Hat Data Grid 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #8 from Jonathan Christison jochrist@redhat.com --- Red Hat Jboss Fuse 6 ships some of the vulnerable artifacts as bundled artifacts in ops4j pax web, however there is no use of these artifacts in Fuse itself, the artifacts are also prevented from loading with a deny list in karaf, for these reasons we believe the impact upon Fuse 6.3 is low.
This vulnerability is out of security support scope for the following products: * Red Hat JBoss Fuse 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Todd Cullum tcullum@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1857460, 1857461
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #11 from Todd Cullum tcullum@redhat.com --- This vulnerability is out of security support scope for the following product: * Red Hat Software Collections Common Java Packages
Please see https://access.redhat.com/support/policy/updates/rhscl and https://access.redhat.com/support/policy/updates/rhscl-rhel7 for more details
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Todd Cullum tcullum@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |cbuissar@redhat.com Flags| |needinfo?(cbuissar@redhat.c | |om)
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Anten Skrabec askrabec@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1857497
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #15 from Anten Skrabec askrabec@redhat.com --- Red Hat OpenStack Platform 13 is affected as it ships tomcat-embed-websockets 8.0.46, which does not include the check for `payloadLength < 0` in `processRemainingHeader()`.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Cedric Buissart 🐶 cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(cbuissar@redhat.c | |om) |
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #19 from Cedric Buissart 🐶 cbuissar@redhat.com --- Statement:
Red Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8's Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, there are no entry point for WebSockets, and thus it is not possible to trigger the flaw in a supported setup. A future update may fix the code.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Cedric Buissart 🐶 cbuissar@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1858315
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Jim Lyle jlyle@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jlyle@redhat.com Doc Type|--- |If docs needed, set a value
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #21 from Todd Cullum tcullum@redhat.com --- Mitigation:
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Bin Hu bihu@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |bihu@redhat.com Flags| |needinfo?(jwon@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Kunjan Rathod krathod@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1861193, 1861194
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Kunjan Rathod krathod@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(jwon@redhat.com) |
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Romain Pelisse rpelisse@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |rpelisse@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #28 from Anten Skrabec askrabec@redhat.com --- Changing OpenStack Platform 13 to affected/wontfix as we ship the vulnerable code but it is not used by default.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #29 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Web Server 3 for RHEL 7 Red Hat JBoss Web Server 3 for RHEL 6
Via RHSA-2020:3303 https://access.redhat.com/errata/RHSA-2020:3303
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:3303
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #30 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Web Server
Via RHSA-2020:3305 https://access.redhat.com/errata/RHSA-2020:3305
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:3305
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #31 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Web Server 5.3 on RHEL 7 Red Hat JBoss Web Server 5.3 on RHEL 6 Red Hat JBoss Web Server 5.3 on RHEL 8
Via RHSA-2020:3306 https://access.redhat.com/errata/RHSA-2020:3306
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:3306
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #32 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Web Server
Via RHSA-2020:3308 https://access.redhat.com/errata/RHSA-2020:3308
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:3308
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Product Security DevOps Team prodsec-dev@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |ERRATA Last Closed| |2020-08-04 13:27:50
--- Comment #33 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-13935
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #34 from Anten Skrabec askrabec@redhat.com --- Statement:
Red Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8's Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, there are no entry point for WebSockets, and thus it is not possible to trigger the flaw in a supported setup. A future update may fix the code. Similarly, Red Hat OpenStack Platform 13 does not ship with websocket functionality enabled by default.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Doran Moppert dmoppert@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1867432
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1867432 [Bug 1867432] CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #35 from Doran Moppert dmoppert@redhat.com --- Created tomcat tracking bugs for this issue:
Affects: fedora-all [bug 1867432]
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #36 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 6.4 async
Via RHSA-2020:3382 https://access.redhat.com/errata/RHSA-2020:3382
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:3382
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #37 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
Via RHSA-2020:3383 https://access.redhat.com/errata/RHSA-2020:3383
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:3383
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Kunjan Rathod krathod@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On|1861194 |
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #41 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Runtimes Spring Boot 2.2.6
Via RHSA-2020:3806 https://access.redhat.com/errata/RHSA-2020:3806
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:3806
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #42 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:4004 https://access.redhat.com/errata/RHSA-2020:4004
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:4004
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHBA-2020:4124
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHBA-2020:4123
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHBA-2020:4122
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHBA-2020:4169
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHBA-2020:4241
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHBA-2020:4345
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Huzaifa S. Sidhpurwala huzaifas@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1910710
https://bugzilla.redhat.com/show_bug.cgi?id=1857024 Bug 1857024 depends on bug 1867432, which changed state.
Bug 1867432 Summary: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1867432
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #44 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat Fuse 7.9
Via RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2021:3140
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com --- A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability.
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Joshua Mulliken jmullike@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |pdrozd@redhat.com, | |sthorger@redhat.com
--- Comment #45 from Joshua Mulliken jmullike@redhat.com --- Adding RHSSO. A vulnerable version of tomcat-api was detected in a newly generated BOM:
{ "group": "org.apache.tomcat", "name": "tomcat-api", "version": "7.0.92", "description": "Definition of interfaces shared by Catalina and Jasper", "hashes": [ { "alg": "MD5", "content": "beeba9a893d8f9b1fb6030c85936d8f0" }, { "alg": "SHA-1", "content": "8be254a4fe5bbba7495a78f835053ce1e1846c54" }, { "alg": "SHA-256", "content": "d661c70a1719eba641925adac4994ad4dca0e2e43a9ea402b4ca4a9abf29d0f3" }, { "alg": "SHA-384", "content": "5e5fe33329bd24d715ff810874ae1f09014f25e7ecc5a9f105e72477c14a29e6d8d7f6b8b5a930eea7ebe9235232e048" }, { "alg": "SHA-512", "content": "293f3ddf3aa232d61cc7cd44594bd3457aebaafec00bab5414097ab318d79f6584c293a33944e036e582c952e0b60fc5a11681a6329913b9d3d04568763f459b" }, { "alg": "SHA3-256", "content": "7a29bdac2f51d7819594c72862c579b379c99dedf9ac2de492b4298a6a549230" }, { "alg": "SHA3-384", "content": "d354f751ad6627345fb60ee0f326904a356035c46f822b2d3809d8790b47cb275c445fad641b6835c0ab570d38323792" }, { "alg": "SHA3-512", "content": "4bdcb5a5bd7538382e4d8f2d8ba8be17786162b7afc16cdcac15817adc143eeeb02329584951eb05937907a1d6a5e4a52c9c329cdd37881e99a2fd08f666a7bc" } ], "licenses": [ { "license": { "id": "Apache-2.0" } } ], "purl": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.92?type=jar", "type": "library", "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-api@7.0.92?type=jar" }
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Joshua Mulliken jmullike@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jmullike@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
Paramvir jindal pjindal@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC|aboyko@redhat.com, | |pdrozd@redhat.com, | |sthorger@redhat.com |
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #47 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
EAP 6.4.24 release
Via RHSA-2022:5458 https://access.redhat.com/errata/RHSA-2022:5458
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:5458
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #48 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
Via RHSA-2022:5459 https://access.redhat.com/errata/RHSA-2022:5459
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:5459
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
--- Comment #49 from errata-xmlrpc errata-xmlrpc@redhat.com --- This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
Via RHSA-2022:5460 https://access.redhat.com/errata/RHSA-2022:5460
https://bugzilla.redhat.com/show_bug.cgi?id=1857024
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:5460
java-sig-commits@lists.stg.fedoraproject.org