From 8891a84b7acb894027bcca2a95e9c21c8c31224a Mon Sep 17 00:00:00 2001 From: Jark Wu Date: Sun, 31 May 2026 00:04:03 +0800 Subject: [PATCH] [website] Add Security Updates table to security page Add a Security Updates section listing fixed Fluss CVEs, modeled after the Flink security page. The first entry covers CVE-2026-49361 (Netty frame decoder memory exhaustion) affecting 0.8.0 and 0.9.0, fixed in 0.9.1. Co-Authored-By: Claude Opus 4.7 --- website/community/security.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/website/community/security.md b/website/community/security.md index 38a8765b32..86a1ed4693 100644 --- a/website/community/security.md +++ b/website/community/security.md @@ -11,4 +11,31 @@ If you have concerns regarding Fluss's security or discover a vulnerability or p In the email, specify the project name **Fluss** and include a description of the issue or potential threat. You are also encouraged to include steps to reproduce the issue. The security team and the Fluss community will get back to you after assessing and analyzing the findings. -**PLEASE PAY ATTENTION** to report the security issue privately to **security@apache.org** before disclosing it publicly. \ No newline at end of file +**PLEASE PAY ATTENTION** to report the security issue privately to **security@apache.org** before disclosing it publicly. + +## Security Updates + +This section lists fixed vulnerabilities in Fluss. + + + + + + + + + + + + + + + + +
CVE IDAffected Fluss versionsNotes
+ CVE-2026-49361 + + 0.8.0, 0.9.0 + + Users are advised to upgrade to Fluss 0.9.1 or later versions. See the advisory for details. +
\ No newline at end of file
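Review bot: the Notes cell of the new CVE-2026-49361 row carries only the upgrade advice ("Users are advised to upgrade to Fluss 0.9.1 or later versions"), while the commit message describes the issue as "Netty frame decoder memory exhaustion". Putting that one-line summary in the Notes cell would let operators on 0.8.0 or 0.9.0 judge their exposure from the table itself before opening the advisory. Separately, the hunk adds a newline after the existing "before disclosing it publicly." line but the file again ends with "\ No newline at end of file" after the table's last line; add a trailing newline so the next appended row does not show up as a change to that closing line.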