RHSA-2026:18059 · High · CVSS 9.1

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.6 security update

Published
May 18, 2026
Last Modified
May 27, 2026

🔗 CVE IDs covered (13)

CVE-2026-26996 · pending
CVE-2026-27446
CVE-2026-27727 · pending
CVE-2026-27830
CVE-2026-27904 · pending
CVE-2026-33871 · pending
CVE-2025-14813
CVE-2026-0636
CVE-2026-3505
CVE-2026-5588
CVE-2026-33870 · pending
CVE-2025-23368
CVE-2026-5598

📋 Description

CVE-2025-14813 — bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
CVE-2025-23368 — org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI
CVE-2026-0636 — bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
CVE-2026-3505 — bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion
CVE-2026-5588 — bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
CVE-2026-5598 — bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
CVE-2026-26996 — minimatch: minimatch: Denial of Service via specially crafted glob patterns
CVE-2026-27446 — org.apache.artemis:artemis-server: org.apache.activemq:artemis-server: Apache Artemis, Apache ActiveMQ Artemis: Message injection and exfiltration due to missing authentication
CVE-2026-27727 — com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
CVE-2026-27830 — c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects
CVE-2026-27904 — minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
CVE-2026-33870 — io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
CVE-2026-33871 — netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

🔗 References (45)