=====================================================================
                            CERT-Renater

                 Note d'Information No. 2024/VULN415
_____________________________________________________________________

DATE                : 08/10/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Pulsar versions prior to
                     3.3.2.

=====================================================================
https://lists.apache.org/thread/mkx92cvt9mx9cx4dg4wm5wn4thorb6ff
_____________________________________________________________________

[ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix
for CVE-2024-47561

The Apache Pulsar team is proud to announce Apache Pulsar version
3.3.2.

This release includes an important security fix for an RCE
vulnerability in Avro Java SDK <1.11.4, CVE-2024-47561. The Avro Java
SDK is included in Pulsar's server-side components as well as in the
Pulsar Java client. All Pulsar users are advised to upgrade to Apache
Pulsar version 3.0.7 or 3.3.2.

Please follow Pulsar Security Advisories for updated information:
https://pulsar.apache.org/security/

Pulsar is a highly scalable, low latency messaging platform running
on commodity hardware. It provides simple pub-sub semantics over
topics, guaranteed at-least-once delivery of messages, automatic
cursor management for subscribers, and cross-datacenter replication.

For Pulsar release details and downloads, visit:
https://pulsar.apache.org/download

Apache Pulsar 3.3.2 artifacts are also available in Maven Central.

Release Notes are at:
https://pulsar.apache.org/release-notes/versioned/pulsar-3.3.2/

We would like to thank the contributors that made the release
possible.

Regards,

The Pulsar Team

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
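
Added example (not part of the Apache announcement or the CERT-Renater note): because the announcement says the Avro Java SDK ships in both the server-side components and the Java client, this script walks an installation or application directory and flags stand-alone Avro jars older than 1.11.4. The jar naming patterns, the function names and the exit codes are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Flag Avro jars older than 1.11.4 (the fixed version named in the advisory)."""
import re
import sys
from pathlib import Path

FIXED_AVRO = (1, 11, 4)  # advisory: Avro Java SDK < 1.11.4 is affected

# Assumption: the core Avro jar is named avro-<version>.jar, optionally with a
# groupId prefix (org.apache.avro-avro-<version>.jar). Sibling artifacts such
# as avro-protobuf-*.jar are deliberately not matched.
AVRO_JAR = re.compile(r"^(?:org\.apache\.avro-)?avro-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """'1.11.3' -> (1, 11, 3); short versions are zero-padded to three parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def scan(root):
    """Return sorted (relative_path, version, needs_upgrade) for Avro jars under root."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        match = AVRO_JAR.match(jar.name)
        if match:
            version = match.group(1)
            needs_upgrade = parse_version(version) < FIXED_AVRO
            findings.append((jar.relative_to(root).as_posix(), version, needs_upgrade))
    return sorted(findings)


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <install-or-app-directory>", file=sys.stderr)
        return 2
    findings = scan(argv[1])
    for path, version, needs_upgrade in findings:
        print(f"{'UPGRADE' if needs_upgrade else 'ok':8} avro {version:10} {path}")
    if not findings:
        print("no stand-alone Avro jar found; copies bundled inside other jars are not detected")
    return 1 if any(f[2] for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A file-name scan only sees Avro shipped as its own jar; a copy packed inside another jar needs the dependency report of the build that produced it.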