Product Release Advisory -VMware Tanzu Gemfire
25543
26 March 2025
26 March 2025
CLOSED
CRITICAL
10.0
Multiple - see advisory
Product Release Advisory
|
Advisory ID: |
TNZ-2025-016 |
|
Severity: |
Critical |
|
Issue Date: |
2025-03-21 |
|
Updated on: |
2025-03-26 |
|
Synopsis |
Bumped multiple dependencies, which resulted in at least 6 CVEs remediated in this release |
Product Version Release Advisory
- VMware Tanzu GemFire 10.1.3
- https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/10-1/gf/release_notes.html
Security Fixes
This release has the following security fixes, listed by component and area.
|
Component |
Vulnerabilities Resolved |
|
DOMPurify |
CVE-2024-47875 (critical) CVE-2024-45801 (high) |
|
Netty |
CVE-2024-47535 (medium) |
|
Jetty |
CVE-2024-8184 (medium) |
History
2025-03-26: Initial vulnerability report published.
Contact
E-mail: [email protected]
VMware Tanzu Security Advisories
https://support.broadcom.com/group/ecx/security-advisory?segment=VT