Red Hat multicluster global hub 1.3.3 general availability release, with
updates to container images and bug fixes.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
 from the CVE links in the References section.

Red Hat multicluster global hub 1.3.3 images

This advisory contains the container images for Red Hat multicluster
global hub. These container images provide enhancements. 

Security fix(es):

* golang.org/x/oauth2: Unexpected memory consumption during token parsing in
golang.org/x/oauth2 (CVE-2025-22868)
* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of
golang.org/x/crypto/ssh (CVE-2025-22869)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-22868: Improper Validation of Syntactic Correctness of Input
 (CWE-1286)
CVE-2025-22869: Allocation of Resources Without Limits or Throttling (CWE-770)