=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN650
_____________________________________________________________________

DATE                : 18/06/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running MariaDB versions prior to 10.6.27,
                                10.11.18, 11.4.12, 11.8.8.

=====================================================================
https://mariadb.org/mariadb-community-server-corrective-releases/
_____________________________________________________________________

MariaDB Community Server corrective releases are now available for
the currently maintained long-term series. These releases address
critical CVEs, and we strongly recommend that all users review the
security advisories and upgrade as soon as possible.

    MariaDB 10.6.27
    MariaDB 10.11.18
    MariaDB 11.4.12
    MariaDB 11.8.8

These are Stable (GA) releases and are recommended for users running
the corresponding MariaDB Server series. They have been available
on our repositories since May 26.

Please note that the versions quickly released after the previous
release on May 18th are corrective releases. More info in the next
section.

As usual with maintenance releases, the goal is not to introduce
surprises. The goal is the opposite: fewer surprises in production,
better stability, and important fixes made available to users who
rely on MariaDB every day.

But this time, and this is exceptional, we needed to deliver an
urgent security fix for all our Galera users.

We also released our latest LTS, 12.3; see the announcement. It
is not affected by the security problem.


Corrective Releases

Why do we suddenly release Community Server just a couple of
weeks after a planned Q2 release? These just-released versions
are corrective releases of MariaDB Community Server 10.6, 10.11,
11.4, and 11.8 following the previous releases from May 18th
(10.6.26, 10.11.17, 11.4.11, and 11.8.7).

These new versions include fixes for high-severity security
vulnerabilities reported for MariaDB Cluster (Galera), as
defined in MariaDB Foundation’s security policy
(see https://mariadb.org/about/#security-policy).

The related CVEs are CVE-2026-49261, CVE-2026-48165, and
CVE-2026-48163.

Here is the list of the advisories:

    unsafe parameter handling in wsrep_notify_cmd
    unsafe usage of wsrep_sst_receive_address values on the joiner side
    wsrep SST unsafe parameter handling on the donor side (rsync)

As you can see, the engineering team responded quickly,
and new versions were rolled out without delay.

If you are a Galera user, we strongly recommend that you
upgrade ASAP!
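
A triage check for the releases above, as an added example that is not part of the MariaDB announcement or of the CERT-Renater note: it classifies hosts from their version string and wsrep_on value using the fixed versions listed here. The host names, sample rows and status labels are constructed, and treating non-Galera hosts as a routine rather than urgent upgrade is an assumption of the example.

```python
import re

# Fixed releases per maintained series, as listed in this advisory.
FIXED = {(10, 6): 27, (10, 11): 18, (11, 4): 12, (11, 8): 8}
NOT_AFFECTED = {(12, 3)}  # the advisory states 12.3 is not affected

def parse_version(banner):
    """Return (major, minor, patch) from SELECT VERSION() or a handshake banner."""
    # 10.x servers prefix the handshake banner with "5.5.5-" for old clients.
    banner = re.sub(r"^\s*5\.5\.5-(?=\d+\.\d+\.\d+)", "", banner)
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"unrecognised version string: {banner!r}")
    return tuple(int(p) for p in m.groups())

def triage(banner, wsrep_on):
    """Classify one host; wsrep_on is the server's wsrep_on value ("ON"/"OFF")."""
    major, minor, patch = parse_version(banner)
    series = (major, minor)
    if series in NOT_AFFECTED:
        return "not-affected"
    if series not in FIXED:
        # The advisory names no fixed release for this series: check manually.
        return "series-not-covered"
    if patch >= FIXED[series]:
        return "fixed"
    # Assumption of this example: Galera nodes are urgent, others routine.
    galera = str(wsrep_on).strip().upper() in ("ON", "1")
    return "upgrade-urgent" if galera else "upgrade-routine"

def triage_inventory(rows):
    """Map each host to its status; rows are (host, banner, wsrep_on)."""
    return {host: triage(banner, wsrep) for host, banner, wsrep in rows}

# Constructed sample inventory: (host, version banner, wsrep_on).
SAMPLE = [
    ("db-a", "10.11.17-MariaDB-1:10.11.17+maria~ubu2204", "ON"),
    ("db-b", "5.5.5-10.6.26-MariaDB-log", "OFF"),
    ("db-c", "11.4.12-MariaDB", "ON"),
    ("db-d", "12.3.1-MariaDB", "ON"),
    ("db-e", "10.5.29-MariaDB", "ON"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

The two inputs per host can be collected with SELECT VERSION() and SHOW GLOBAL VARIABLES LIKE 'wsrep_on'.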

The Security Vulnerabilities fixed in MariaDB Community
Server are also listed here.


Why LTS releases matter

A database server is not only about new features. Of
course, new features are nice, and we all like to test
them, write about them, and sometimes even argue about
them.

But in some environments, stability is most important,
and considerable time may be required before moving to
the latest main version. However, it’s also very
important to keep those releases up to date.

So I highly recommend that you review the release notes
and changelogs carefully and plan your upgrade as part
of your usual maintenance process.


Available releases

MariaDB 11.8.8

MariaDB 11.8 is a long-term release series, and 11.8.8
is the latest maintenance release for users on that branch.

Users of MariaDB 11.8 should review the release notes and
changelog and upgrade to 11.8.8 after testing in their
own environment.

Resources:

    Release notes: https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
    Changelog: https://mariadb.com/docs/release-notes/community-server/changelogs/11.8/11.8.8


MariaDB 11.4.12

MariaDB 11.4 is also a long-term release series and remains
an important choice for users who want a stable MariaDB 11.x
foundation.

MariaDB 11.4.12 brings the latest corrections for this branch.

Resources:

    Release notes: https://mariadb.com/docs/release-notes/community-server/11.4/11.4.12
    Changelog: https://mariadb.com/docs/release-notes/community-server/changelogs/11.4/11.4.12


MariaDB 10.11.18

MariaDB 10.11 remains widely used and is a very important
long-term series for many installations.

MariaDB 10.11.18 includes the latest fixes for this branch and
is recommended for users currently running MariaDB 10.11.

Resources:

    Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.18
    Changelog: https://mariadb.com/docs/release-notes/community-server/changelogs/10.11/10.11.18


MariaDB 10.6.27

MariaDB 10.6 has served the community for a long time.

If you are still running MariaDB 10.6, this maintenance release
is important, but it is also a good moment to remember that
MariaDB 10.6 is approaching the end of its maintenance lifetime,
which is July 6, 2026. So yes, upgrade to 10.6.27 if you are
staying on 10.6 for now, but also start planning your move to
a newer long-term series.

Resources:

    Release notes: https://mariadb.com/docs/release-notes/community-server/10.6/10.6.27
    Changelog: https://mariadb.com/docs/release-notes/community-server/changelogs/10.6/10.6.27

Thank you

Maintenance releases are not always the most visible part of
an open-source project, but they are among the most important.
And even more important when they fix critical security
problems.

They represent the daily work of developers, testers, package
maintainers, bug reporters, documentation contributors, and
users who take the time to provide feedback.

So thank you to everyone involved in keeping MariaDB Server
open, reliable, and available for the community.

Enjoy MariaDB!


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




