This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pulsar-site.git
The following commit(s) were added to refs/heads/main by this push:
new f96323afbbf2 Add reference to CVE-2024-47561 mailing list thread to
security advisories
f96323afbbf2 is described below
commit f96323afbbf273f824cabb3250f76905e8f85cf7
Author: Lari Hotari <[email protected]>
AuthorDate: Fri Oct 4 10:48:08 2024 +0300
Add reference to CVE-2024-47561 mailing list thread to security advisories
---
security/index.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/security/index.md b/security/index.md
index 1de45391efae..daef118cf381 100644
--- a/security/index.md
+++ b/security/index.md
@@ -10,8 +10,12 @@ It is the responsibility of the security vulnerability
handling project team (Ap
## Security advisories
+Please subscribe to the [[email protected] mailing
list](https://lists.apache.org/[email protected]) to receive
Apache Pulsar security advisories when they are published.
+For instructions on how to subscribe, please see
https://pulsar.apache.org/contact/.
+
### 2024
+* 2024-10-04 [Expediting Pulsar releases 3.0.7 and 3.3.2 due to critical RCE
vulnerability in Avro Java SDK <1.11.4,
CVE-2024-47561](https://lists.apache.org/thread/ptb227lw8lljw5zv7z2qo2mx9xxoyl5c)
* 2024-04-02 [CVE-2024-29834](CVE-2024-29834.md) Improper Authorization For
Namespace and Topic Management Endpoints
* 2024-03-12 [CVE-2022-34321](CVE-2022-34321.md) Improper Authentication for
Pulsar Proxy Statistics Endpoint
* 2024-03-12 [CVE-2024-27135](CVE-2024-27135.md) Improper Input Validation in
Pulsar Function Worker allows Remote Code Execution
