The Connection Broker includes packages that are maintained by RHEL/CentOS repositories. Some packages, like Perl or OpenSSL, may be marked as having a vulnerability by a security scan. In cases like this, it's important to check whether Red Hat has taken the fix from a more recent upstream software package and backported it to an older version of the package they distribute. You can find out based on specific CVEs using Red Hat's CVE database.
Often times, running a yum update (version 9) or dnf update (version 202x) will be enough to apply all the latest security patches. For updates to packages maintained by Leostream, such as Apache, please update your Connection Broker software and verify if a newer version was installed.
© Copyright 2023 Leostream Corporation