An update is now available for Red Hat build of Quarkus.

Red Hat Product Security has rated this update as having an important security
 impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.
For more information, see the CVE links in the References section.

This release of Red Hat Build of Quarkus 3.15.3.SP1 includes security updates.
For more information, see the release notes page listed in the References
 section.

Security Fix(es):

* io.netty/netty-handler: SslHandler doesn't correctly validate packets,
 which can lead to a native crash when using native SSLEngine (CVE-2025-24970)

* io.quarkus/quarkus-rest: Quarkus REST Endpoint Request Parameter Leakage Due
 to Shared Instance (CVE-2025-1247)

* io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When
 Client Requests Timeout (CVE-2025-1634)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-1247: Exposure of Data Element to Wrong Session (CWE-488)
CVE-2025-1634: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2025-24970: Improper Input Validation (CWE-20)