The Apache MINA project is pleased to announce the release of: - Apache MINA 2.2.6 - Apache MINA 2.1.11 - Apache MINA 2.0.28
This is a security release that fixes 2 CVE: - CVE-2026-41409: Apache MINA: CWE-502 Deserialization of Untrusted Data (https://www.cve.org/CVERecord?id=CVE-2026-41409) - CVE-2026-41635: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (https://www.cve.org/CVERecord?id=CVE-2026-41635) It affects the applications that use the AbstractIoBuffer.getObject() method to deserialize the Java classes that are sent by a client. Those applications should upgrade to the released version. -- Regards, Cordialement, Emmanuel Lécharny www.worteks.com --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
