
Security: Multiple issues in discovery container images
Name: Multiple issues in discovery container images
ID: RHSA-2025:1249
Distribution: Red Hat
Platforms: Red Hat Discovery 1 for RHEL 9
Date: Tue, 11 February 2025, 06:55
References: https://access.redhat.com/security/cve/CVE-2024-43796
https://access.redhat.com/security/cve/CVE-2024-31228
https://access.redhat.com/security/cve/CVE-2024-45590
https://access.redhat.com/security/cve/CVE-2024-43788
https://access.redhat.com/security/cve/CVE-2024-41989
https://access.redhat.com/security/cve/CVE-2024-41991
https://access.redhat.com/security/cve/CVE-2024-45296
https://access.redhat.com/security/cve/CVE-2023-44270
https://access.redhat.com/errata/RHSA-2025:1249
https://access.redhat.com/security/cve/CVE-2024-52798
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2024-31449
https://access.redhat.com/security/cve/CVE-2024-53907
https://access.redhat.com/security/cve/CVE-2024-56201
https://access.redhat.com/security/cve/CVE-2024-56326
https://access.redhat.com/security/cve/CVE-2024-8775
https://access.redhat.com/security/cve/CVE-2024-56374
https://access.redhat.com/security/cve/CVE-2024-39338
https://access.redhat.com/security/cve/CVE-2024-42005
https://access.redhat.com/security/cve/CVE-2024-6485
https://issues.redhat.com/browse/DISCOVERY-895
https://access.redhat.com/security/cve/CVE-2024-46981
https://access.redhat.com/security/cve/CVE-2024-43799
https://access.redhat.com/security/cve/CVE-2024-55565
https://access.redhat.com/security/cve/CVE-2024-21538
https://access.redhat.com/security/cve/CVE-2024-21536
https://access.redhat.com/security/cve/CVE-2024-43800
Applications: discovery container images

Original message

Updated container images are now available for Discovery 1.12.

The Discovery container images provided by this update can be downloaded from
the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to these new images
specifically, or to the latest images generally.

Fixed CVEs:
CVE-2024-39338
CVE-2024-56201
CVE-2024-45590
CVE-2024-41991
CVE-2024-42005
CVE-2024-41989
CVE-2024-8775
CVE-2024-43799
CVE-2024-43796
CVE-2024-43800
CVE-2024-45296
CVE-2024-43788
CVE-2024-21536
CVE-2024-56326
CVE-2024-21538
CVE-2020-11023
CVE-2024-55565
CVE-2023-44270
CVE-2024-6485
CVE-2024-53907
CVE-2024-56374
CVE-2024-52798
CVE-2024-31449
CVE-2024-46981
CVE-2024-31228

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-11023: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2023-44270: Improper Neutralization of CRLF Sequences ('CRLF
Injection') (CWE-93)
CVE-2024-6485: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2024-8775: Insertion of Sensitive Information into Log File (CWE-532)
CVE-2024-21536: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-21538: Inefficient Regular Expression Complexity (CWE-1333)
CVE-2024-31228: Uncontrolled Recursion (CWE-674)
CVE-2024-31449: Improper Input Validation (CWE-20)
CVE-2024-39338: Server-Side Request Forgery (SSRF) (CWE-918)
CVE-2024-41989: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-41991: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-42005: Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection') (CWE-89)
CVE-2024-43788: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2024-43796: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2024-43799: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2024-43800: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
CVE-2024-45296: Inefficient Regular Expression Complexity (CWE-1333)
CVE-2024-45590: Asymmetric Resource Consumption (Amplification) (CWE-405)
CVE-2024-46981: Use After Free (CWE-416)
CVE-2024-52798: Inefficient Regular Expression Complexity (CWE-1333)
CVE-2024-53907: CWE-1169 (CWE-1169)
CVE-2024-55565: Loop with Unreachable Exit Condition ('Infinite Loop')
(CWE-835)
CVE-2024-56201: Improper Neutralization of Escape, Meta, or Control Sequences
(CWE-150)
CVE-2024-56326: Protection Mechanism Failure (CWE-693)
CVE-2024-56374: Allocation of Resources Without Limits or Throttling (CWE-770)