GitHub user zer3fD created a discussion: OS-level Vulnerabilities 
(CVE-2026-3104, CVE-2026-3805) and 4.2.1 Release Timeline

Hi Community,

I’ve been tracking the recent security issues, and it’s great to see that most 
core-related high vulnerabilities have already been resolved in the current 
planned 4.2.1 release.

However, there are some OS-level vulnerabilities in the Docker images. While 
these are not in the Pulsar code itself, they reside in the underlying packages:

CVE-2026-3104 & CVE-2026-1519 (High): Impacts bind-tools. Fixed in v9.20.21-r0.

CVE-2026-3805 (High): Impacts libcurl (Use-After-Free in SMB). Fixed in v8.19.0.

Is there a planned release date for v4.2.1 that will include an updated base 
image to resolve these?

I am assuming these will be automatically resolved when the new Docker images 
are cut for the next patch release, but confirmation would help us align with 
our internal compliance deadlines.

GitHub link: https://github.com/apache/pulsar/discussions/25553
