We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. Reference: https://www.openwall.com/lists/oss-security/2022/05/31/2
This issue has been addressed in the following products: RHINT Camel-K 1.8.1 Via RHSA-2022:7257 https://access.redhat.com/errata/RHSA-2022:7257
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-30973