Security
Reporting Security Issues
If you have concerns regarding Fluss's security or discover a vulnerability or potential threat, please contact the Apache Security Team by sending an email to security@apache.org.
In the email, specify the project name Fluss and include a description of the issue or potential threat. You are also encouraged to include steps to reproduce the issue. The security team and the Fluss community will get back to you after assessing and analyzing the findings.
PLEASE PAY ATTENTION to report the security issue privately to security@apache.org before disclosing it publicly.
Security Updates
This section lists fixed vulnerabilities in Fluss.
| CVE ID | Affected Fluss versions | Notes |
|---|---|---|
| CVE-2026-49361 | 0.8.0, 0.9.0 | Users are advised to upgrade to Fluss 0.9.1 or later versions. See the advisory for details. |