This is an automated email from the ASF dual-hosted git repository.
wuchong pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/fluss.git
The following commit(s) were added to refs/heads/main by this push:
new 9f493fa86 [website] Add Security Updates table to security page (#3408)
9f493fa86 is described below
commit 9f493fa86cce5f1a59b080152fd542e267e06f0b
Author: Jark Wu <[email protected]>
AuthorDate: Sun May 31 10:53:56 2026 +0800
[website] Add Security Updates table to security page (#3408)
Add a Security Updates section listing fixed Fluss CVEs, modeled after the
Flink security page. The first entry covers CVE-2026-49361 (Netty frame
decoder memory exhaustion) affecting 0.8.0 and 0.9.0, fixed in 0.9.1.
Co-authored-by: Claude Opus 4.7 <[email protected]>
---
website/community/security.md | 29 ++++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/website/community/security.md b/website/community/security.md
index 38a8765b3..86a1ed469 100644
--- a/website/community/security.md
+++ b/website/community/security.md
@@ -11,4 +11,31 @@ If you have concerns regarding Fluss's security or discover
a vulnerability or p
In the email, specify the project name **Fluss** and include a description of
the issue or potential threat. You are also encouraged to include steps to
reproduce the issue. The security team and the Fluss community will get back to
you after assessing and analyzing the findings.
-**PLEASE PAY ATTENTION** to report the security issue privately to
**[email protected]** before disclosing it publicly.
\ No newline at end of file
+**PLEASE PAY ATTENTION** to report the security issue privately to
**[email protected]** before disclosing it publicly.
+
+## Security Updates
+
+This section lists fixed vulnerabilities in Fluss.
+
+<table class="table table-bordered">
+ <thead>
+ <tr>
+ <th class="text-left" width="200">CVE ID</th>
+ <th class="text-left" width="250">Affected Fluss versions</th>
+ <th class="text-left" width="550">Notes</th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td>
+ <a
href="https://www.cve.org/CVERecord?id=CVE-2026-49361">CVE-2026-49361</a>
+ </td>
+ <td>
+ 0.8.0, 0.9.0
+ </td>
+ <td>
+ Users are advised to upgrade to Fluss 0.9.1 or later versions. See the
<a
href="https://lists.apache.org/thread/dccw6tj0njwtmvbftq13mw7fdhsok373">advisory</a>
for details.
+ </td>
+ </tr>
+ </tbody>
+</table>
\ No newline at end of file