Resolved issues
{ProductName} ({ProductShortName}) 1.2.5 resolves the following issues:
An infinite loop vulnerability (a loop with an unreachable exit condition) was found in Apache Commons Compress. This issue could have led to a denial of service. This issue affects Apache Commons Compress from 1.3 through 1.25.0. Users are recommended to upgrade to {ProductShortName} 1.2.5, which resolves this issue.
For more details, see CVE-2024-25710.
An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue could lead to an out-of-memory error (OOM). This issue affects Apache Commons Compress, from 1.21 to 1.26. Users are recommended to upgrade to {ProductShortName} 1.2.5, which resolves this issue.
For more details, see CVE-2024-26308.
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in Transmission Control Protocol (TCP) servers configured with TLS and SNI support. When the server processes an unknown Server Name Indication (SNI) server name that is assigned the default certificate instead of a mapped certificate, the Secure Sockets Layer (SSL) context is erroneously cached in the server name map, leading to memory exhaustion. This affects only TLS servers with SNI enabled. Users are recommended to upgrade to {ProductShortName} 1.2.5, which resolves this issue.
For more details, see CVE-2024-1300.
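The caching pattern described for CVE-2024-1300 can be seen in a simplified model, added here as an illustration; it is not Vert.x code. `SslCtx`, `MAPPED`, the host names, and both `resolve*` methods are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Simplified model of an SNI certificate lookup; not Vert.x code.
// SslCtx stands in for a real TLS context object (hypothetical type).
public class SniCacheModel {
    record SslCtx(String certName) {}

    static final SslCtx DEFAULT = new SslCtx("default");
    // Certificates the operator mapped to server names (constructed sample).
    static final Map<String, SslCtx> MAPPED =
            Map.of("app.example.test", new SslCtx("app"));

    // Flawed pattern: the fallback result is stored under the client-supplied
    // name, so every distinct unknown name adds an entry that is never evicted.
    static SslCtx resolveLeaky(Map<String, SslCtx> cache, String serverName) {
        return cache.computeIfAbsent(serverName,
                n -> MAPPED.getOrDefault(n, DEFAULT));
    }

    // Corrected pattern: cache only names that have a mapped certificate;
    // unknown names get the default context without touching the cache.
    static SslCtx resolveBounded(Map<String, SslCtx> cache, String serverName) {
        SslCtx mapped = MAPPED.get(serverName);
        if (mapped == null) {
            return DEFAULT;
        }
        return cache.computeIfAbsent(serverName, n -> mapped);
    }

    public static void main(String[] args) {
        Map<String, SslCtx> leaky = new ConcurrentHashMap<>();
        Map<String, SslCtx> bounded = new ConcurrentHashMap<>();
        // Constructed input: lookups for many distinct unmapped names.
        for (int i = 0; i < 10_000; i++) {
            String name = "host-" + i + ".invalid";
            resolveLeaky(leaky, name);
            resolveBounded(bounded, name);
        }
        resolveLeaky(leaky, "app.example.test");
        resolveBounded(bounded, "app.example.test");
        // The leaky map grows with the number of distinct names seen;
        // the bounded map can never exceed the number of mapped certificates.
        System.out.println("leaky cache entries:   " + leaky.size());
        System.out.println("bounded cache entries: " + bounded.size());
    }
}
```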
For a complete list of all issues resolved in this release, see the list of MTR 1.2.5 resolved issues in Jira.