Red Hat Security Advisory: Red Hat Single Sign-On 7.4.1 security update

CVE-2020-1694 — keycloak: verify-token-audience support is missing in the NodeJS adapter CVE-2020-1714 — keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution CVE-2020-8840 — jackson-databind: Lacks certain xbean-reflect/JNDI blocking CVE-2020-9546 — jackson-databind: Serialization gadgets in shaded-hikari-config CVE-2020-9547 — jackson-databind: Serialization gadgets in ibatis-sqlmap CVE-2020-9548 — jackson-databind: Serialization gadgets in anteros-core CVE-2020-10719 — undertow: invalid HTTP request with large chunk size CVE-2020-10748 — keycloak: top-level navigations to data URLs resulting in XSS are possible (incomplete fix of CVE-2020-1697) CVE-2020-10969 — jackson-databind: Serialization gadgets in javax.swing.JEditorPane CVE-2020-11022 — jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method CVE-2020-11023 — jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods