Replies: 1 comment 2 replies
-
The release process will start soon. It takes about 1-2 weeks from starting of the release process to it take it to completion.
Yes. For branch-4.2, the Alpine image is pulled with 3.23 tag and |
Beta Was this translation helpful? Give feedback.
-
|
Alright Got it @lhotari. Thanks |
Beta Was this translation helpful? Give feedback.
-
|
release process has been started: https://lists.apache.org/thread/3vm69yz5cdfdbxql2r5bl4zsobr0t34x . In Apache projects, such as the Apache Pulsar project, release decisions are made on the dev mailing list. There are details for joining the mailing list at https://pulsar.apache.org/contact/#mailing-lists. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi Community,
I’ve been tracking the recent security issues, and it’s great to see that most core-related high vulnerabilities have already been resolved in the current planned 4.2.1 release.
However, there are some OS-level vulnerabilities in the docker images, while these are not in the Pulsar code itself, they reside in the underlying packages:
CVE-2026-3104 & CVE-2026-1519 (High): Impacts bind-tools. Fixed in v9.20.21-r0.
CVE-2026-3805 (High): Impacts libcurl (Use-After-Free in SMB). Fixed in v8.19.0.
Is there a planned release date for v4.2.1 that will include an updated base image to resolve these?
I am assuming these will be automatically resolved when the new Docker images are cut for the next patch release, but confirmation would help us align with our internal compliance deadlines.
Beta Was this translation helpful? Give feedback.
All reactions