This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/incubator-hugegraph-doc.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 77e52082 chore: update security.md with new CVE entries (#439)
49d507629ecab3816a8c22994da84211e02453bb
77e52082 is described below
commit 77e52082a25e55183e47417602860a5881bb1d6c
Author: imbajin <[email protected]>
AuthorDate: Fri Dec 12 08:29:03 2025 +0000
chore: update security.md with new CVE entries (#439)
49d507629ecab3816a8c22994da84211e02453bb
---
cn/docs/_print/index.html | 2 +-
cn/docs/guides/_print/index.html | 2 +-
cn/docs/guides/index.xml | 2 ++
cn/docs/guides/security/index.html | 8 ++++----
cn/sitemap.xml | 2 +-
docs/_print/index.html | 2 +-
docs/guides/_print/index.html | 2 +-
docs/guides/index.xml | 2 ++
docs/guides/security/index.html | 6 +++---
en/sitemap.xml | 2 +-
sitemap.xml | 2 +-
11 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/cn/docs/_print/index.html b/cn/docs/_print/index.html
index 965f0ae1..8b729850 100644
--- a/cn/docs/_print/index.html
+++ b/cn/docs/_print/index.html
@@ -9107,7 +9107,7 @@ HugeGraph目前采用EdgeCut的分区方案。</p><h3 id=3-vertexid-策略>3. Ve
</span></span><span style=display:flex><span>& | %26
</span></span><span style=display:flex><span>= | %3D
</span></span></code></pre></div></li><li><p>查询某一类别的顶点或边(<code>query by
label</code>)时提示超时</p><p>由于属于某一label的数据量可能比较多,请加上limit限制。</p></li><li><p>通过<code>RESTful
API</code>操作图是可以的,但是发送<code>Gremlin</code>语句就报错:<code>Request
Failed(500)</code></p><p>可能是<code>GremlinServer</code>的配置有误,检查<code>gremlin-server.yaml</code>的<code>host</code>、<code>port</code>是否与<code>rest-server.properties</code>的<code>gremlinserver.url</code>匹配,如不匹配则修改,然后重启服务。</p></li><li><p>使用<code>Loader</code>导数据出现<code>Sock
[...]
-或是 <code>HugeGraph-Dev</code> 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。</p><p>独立的安全邮件 (组)
地址为:
<code>[email protected]</code></p><p>安全漏洞处理大体流程如下:</p><ul><li>报告人私下向
Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等)</li><li>HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 <code>CVE</code>
编号予以登记)</li><li>项目创建一个新版本的受漏洞影响的软件包,以提供修复程序</li><li>合适的时间可公开漏洞的大体问题 &
描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息)</li><li>正式的 CVE 发布及相关流程同 ASF-SEC
页面</li></ul><h2 id=已发现的安全漏洞-cves>已发现的安全漏洞 (CVEs)</h2><h3 id [...]
+或是 <code>HugeGraph-Dev</code> 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。</p><p>独立的安全邮件 (组)
地址为:
<code>[email protected]</code></p><p>安全漏洞处理大体流程如下:</p><ul><li>报告人私下向
Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等)</li><li>HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 <code>CVE</code>
编号予以登记)</li><li>项目创建一个新版本的受漏洞影响的软件包,以提供修复程序</li><li>合适的时间可公开漏洞的大体问题 &
描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息)</li><li>正式的 CVE 发布及相关流程同 ASF-SEC
页面</li></ul><h2 id=已发现的安全漏洞-cves>已发现的安全漏洞 (CVEs)</h2><h3 id [...]
</span></span><span style=display:flex><span>
</span></span><span style=display:flex><span><span
style=color:#000>schema</span><span
style=color:#ce5c00;font-weight:700>.</span><span
style=color:#c4a000>propertyKey</span><span
style=color:#ce5c00;font-weight:700>(</span><span
style=color:#4e9a06>"name"</span><span
style=color:#ce5c00;font-weight:700>).</span><span
style=color:#c4a000>asText</span><span
style=color:#ce5c00;font-weight:700>().</span><span
style=color:#c4a000>ifNotExist</span><span style=color:#ce5c00;font-weig [...]
</span></span><span style=display:flex><span><span
style=color:#000>schema</span><span
style=color:#ce5c00;font-weight:700>.</span><span
style=color:#c4a000>propertyKey</span><span
style=color:#ce5c00;font-weight:700>(</span><span
style=color:#4e9a06>"age"</span><span
style=color:#ce5c00;font-weight:700>).</span><span
style=color:#c4a000>asInt</span><span
style=color:#ce5c00;font-weight:700>().</span><span
style=color:#c4a000>ifNotExist</span><span style=color:#ce5c00;font-weight [...]
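Review bot: the removed and added lines in this hunk are identical up to the point where the mail cuts them off ("[...]" after `<h3 id`), so the actual change to the CVE list cannot be checked from this message. The whole security section is emitted as one generated line; review the content against the security.md change from #439 rather than this minified output, and consider excluding or wrapping generated HTML in the notification diff so the changed text is visible.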
diff --git a/cn/docs/guides/_print/index.html b/cn/docs/guides/_print/index.html
index 3f122298..a24ae549 100644
--- a/cn/docs/guides/_print/index.html
+++ b/cn/docs/guides/_print/index.html
@@ -504,7 +504,7 @@ HugeGraph目前采用EdgeCut的分区方案。</p><h3 id=3-vertexid-策略>3. Ve
</span></span><span style=display:flex><span>& | %26
</span></span><span style=display:flex><span>= | %3D
</span></span></code></pre></div></li><li><p>查询某一类别的顶点或边(<code>query by
label</code>)时提示超时</p><p>由于属于某一label的数据量可能比较多,请加上limit限制。</p></li><li><p>通过<code>RESTful
API</code>操作图是可以的,但是发送<code>Gremlin</code>语句就报错:<code>Request
Failed(500)</code></p><p>可能是<code>GremlinServer</code>的配置有误,检查<code>gremlin-server.yaml</code>的<code>host</code>、<code>port</code>是否与<code>rest-server.properties</code>的<code>gremlinserver.url</code>匹配,如不匹配则修改,然后重启服务。</p></li><li><p>使用<code>Loader</code>导数据出现<code>Sock
[...]
-或是 <code>HugeGraph-Dev</code> 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。</p><p>独立的安全邮件 (组)
地址为:
<code>[email protected]</code></p><p>安全漏洞处理大体流程如下:</p><ul><li>报告人私下向
Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等)</li><li>HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 <code>CVE</code>
编号予以登记)</li><li>项目创建一个新版本的受漏洞影响的软件包,以提供修复程序</li><li>合适的时间可公开漏洞的大体问题 &
描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息)</li><li>正式的 CVE 发布及相关流程同 ASF-SEC
页面</li></ul><h2 id=已发现的安全漏洞-cves>已发现的安全漏洞 (CVEs)</h2><h3 id [...]
+或是 <code>HugeGraph-Dev</code> 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。</p><p>独立的安全邮件 (组)
地址为:
<code>[email protected]</code></p><p>安全漏洞处理大体流程如下:</p><ul><li>报告人私下向
Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等)</li><li>HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 <code>CVE</code>
编号予以登记)</li><li>项目创建一个新版本的受漏洞影响的软件包,以提供修复程序</li><li>合适的时间可公开漏洞的大体问题 &
描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息)</li><li>正式的 CVE 发布及相关流程同 ASF-SEC
页面</li></ul><h2 id=已发现的安全漏洞-cves>已发现的安全漏洞 (CVEs)</h2><h3 id [...]
<script src=/js/bootstrap.min.js></script>
<script src=/js/mermaid.min.js></script>
<script src=/js/tabpane-persist.js></script>
diff --git a/cn/docs/guides/index.xml b/cn/docs/guides/index.xml
index f5094a2f..429f54da 100644
--- a/cn/docs/guides/index.xml
+++ b/cn/docs/guides/index.xml
@@ -1019,6 +1019,8 @@ HugeGraph目前采用EdgeCut的分区方案。</p>
<ul>
<li><a
href="https://www.cve.org/CVERecord?id=CVE-2024-27348">CVE-2024-27348</a>:
HugeGraph-Server - Command execution in gremlin</li>
<li><a
href="https://www.cve.org/CVERecord?id=CVE-2024-27349">CVE-2024-27349</a>:
HugeGraph-Server - Bypass whitelist in Auth mode</li>
+<li><a
href="https://www.cve.org/CVERecord?id=CVE-2024-43441">CVE-2024-43441</a>:
HugeGraph-Server - Fixed JWT Token (Secret)</li>
+<li><a
href="https://www.cve.org/CVERecord?id=CVE-2025-26866">CVE-2025-26866</a>:
HugeGraph-Server - RAFT and deserialization vulnerability</li>
</ul>
<h3
id="hugegraph-toolchainhttpsgithubcomapachehugegraph-toolchain-仓库-hubbleloaderclienttools"><a
href="https://github.com/apache/hugegraph-toolchain">HugeGraph-Toolchain</a>
仓库 (Hubble/Loader/Client/Tools/..)</h3>
<ul>
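Review bot: in the added CVE-2024-43441 item, the title "Fixed JWT Token (Secret)" reads ambiguously, since "Fixed" can be taken as "patched" rather than "constant". If the wording is changed in security.md, something like "hard-coded JWT secret" after the CVE link would remove the doubt; if the CVE record title has to be kept verbatim, a short gloss after it would do the same job.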
diff --git a/cn/docs/guides/security/index.html
b/cn/docs/guides/security/index.html
index 7ae55e32..0b6dd052 100644
--- a/cn/docs/guides/security/index.html
+++ b/cn/docs/guides/security/index.html
@@ -6,24 +6,24 @@
请注意,安全邮件组适用于报告未公开的安全漏洞并跟进漏洞处理的过程。常规的软件 Bug/Error 报告应该使用 Github
Issue/Discussion 或是 HugeGraph-Dev 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。
独立的安全邮件 (组) 地址为: [email protected]
安全漏洞处理大体流程如下:
-报告人私下向 Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等) HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 CVE 编号予以登记) 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
合适的时间可公开漏洞的大体问题 & 描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息) 正式的 CVE 发布及相关流程同
ASF-SEC 页面 已发现的安全漏洞 (CVEs) HugeGraph 主仓库 (Server/PD/Store) CVE-2024-27348:
HugeGraph-Server - Command execution in gremlin CVE-2024-27349:
HugeGraph-Server - Bypass whitelist in Auth mode HugeGraph-Toolchain 仓库
(Hubble/Loader/Client/Tools/."><meta property="og:type" c [...]
+报告人私下向 Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等) HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 CVE 编号予以登记) 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
合适的时间可公开漏洞的大体问题 & 描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息) 正式的 CVE 发布及相关流程同
ASF-SEC 页面 已发现的安全漏洞 (CVEs) HugeGraph 主仓库 (Server/PD/Store) CVE-2024-27348:
HugeGraph-Server - Command execution in gremlin CVE-2024-27349:
HugeGraph-Server - Bypass whitelist in Auth mode CVE-2024-43441:
HugeGraph-Server - Fixed JWT Token (Secret) CVE-2025-26866: Huge [...]
我们强烈建议用户首先向我们的独立安全邮件列表报告此类问题,相关详细的流程规范请参考 ASF SEC 守则。
请注意,安全邮件组适用于报告未公开的安全漏洞并跟进漏洞处理的过程。常规的软件 Bug/Error 报告应该使用 Github
Issue/Discussion 或是 HugeGraph-Dev 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。
独立的安全邮件 (组) 地址为: [email protected]
安全漏洞处理大体流程如下:
-报告人私下向 Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等) HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 CVE 编号予以登记) 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
合适的时间可公开漏洞的大体问题 & 描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息) 正式的 CVE 发布及相关流程同
ASF-SEC 页面 已发现的安全漏洞 (CVEs) HugeGraph 主仓库 (Server/PD/Store) CVE-2024-27348:
HugeGraph-Server - Command execution in gremlin CVE-2024-27349:
HugeGraph-Server - Bypass whitelist in Auth mode HugeGraph-Toolchain 仓库
(Hubble/Loader/Client/Tools/."><meta itemprop=dateModifie [...]
+报告人私下向 Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等) HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 CVE 编号予以登记) 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
合适的时间可公开漏洞的大体问题 & 描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息) 正式的 CVE 发布及相关流程同
ASF-SEC 页面 已发现的安全漏洞 (CVEs) HugeGraph 主仓库 (Server/PD/Store) CVE-2024-27348:
HugeGraph-Server - Command execution in gremlin CVE-2024-27349:
HugeGraph-Server - Bypass whitelist in Auth mode CVE-2024-43441:
HugeGraph-Server - Fixed JWT Token (Secret) CVE-2025-26866: Huge [...]
我们强烈建议用户首先向我们的独立安全邮件列表报告此类问题,相关详细的流程规范请参考 ASF SEC 守则。
请注意,安全邮件组适用于报告未公开的安全漏洞并跟进漏洞处理的过程。常规的软件 Bug/Error 报告应该使用 Github
Issue/Discussion 或是 HugeGraph-Dev 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。
独立的安全邮件 (组) 地址为: [email protected]
安全漏洞处理大体流程如下:
-报告人私下向 Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等) HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 CVE 编号予以登记) 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
合适的时间可公开漏洞的大体问题 & 描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息) 正式的 CVE 发布及相关流程同
ASF-SEC 页面 已发现的安全漏洞 (CVEs) HugeGraph 主仓库 (Server/PD/Store) CVE-2024-27348:
HugeGraph-Server - Command execution in gremlin CVE-2024-27349:
HugeGraph-Server - Bypass whitelist in Auth mode HugeGraph-Toolchain 仓库
(Hubble/Loader/Client/Tools/."><link rel=preload href=/sc [...]
+报告人私下向 Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等) HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 CVE 编号予以登记) 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
合适的时间可公开漏洞的大体问题 & 描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息) 正式的 CVE 发布及相关流程同
ASF-SEC 页面 已发现的安全漏洞 (CVEs) HugeGraph 主仓库 (Server/PD/Store) CVE-2024-27348:
HugeGraph-Server - Command execution in gremlin CVE-2024-27349:
HugeGraph-Server - Bypass whitelist in Auth mode CVE-2024-43441:
HugeGraph-Server - Fixed JWT Token (Secret) CVE-2025-26866: Huge [...]
<link rel=stylesheet
href=/css/prism.css><script>document.addEventListener("DOMContentLoaded",function(){var
t=document.querySelectorAll("pre code.language-mermaid, code.language-mermaid,
pre code.language-fallback,
code.language-fallback"),e=[];t.forEach(function(t){var
n=t.textContent.trim();(n.match(/^(graph|flowchart|sequenceDiagram|classDiagram|pie|gitgraph|erDiagram|journey|gantt|stateDiagram|mindmap|timeline|quadrantChart)/m)||n.includes("-->")||n.includes("->")||n.includes("style
[...]
<a
href=https://github.com/apache/incubator-hugegraph-doc/edit/master/content/cn/docs/guides/security.md
class=td-page-meta--edit target=_blank rel=noopener><i class="fa fa-edit
fa-fw"></i> Edit this page</a>
<a
href="https://github.com/apache/incubator-hugegraph-doc/new/master/content/cn/docs/guides/security.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.md%60%0A%2A+Edit+the+%22front+matter%22+secti
[...]
<a
href="https://github.com/apache/incubator-hugegraph-doc/issues/new?title=%e6%8a%a5%e5%91%8a%e5%ae%89%e5%85%a8%e9%97%ae%e9%a2%98"
class=td-page-meta--issue target=_blank rel=noopener><i class="fab fa-github
fa-fw"></i> Create documentation issue</a>
<a href=https://github.com/apache/incubator-hugegraph/issues/new
class=td-page-meta--project-issue target=_blank rel=noopener><i class="fas
fa-tasks fa-fw"></i> Create project issue</a>
<a id=print href=/cn/docs/guides/_print/><i class="fa fa-print fa-fw"></i>
Print entire section</a></div><div class=td-toc><nav
id=TableOfContents><ul><li><a href=#报告-apache-hugegraph-的安全问题>报告 Apache
HugeGraph 的安全问题</a></li><li><a href=#已发现的安全漏洞-cves>已发现的安全漏洞
(CVEs)</a><ul><li><a
href=#hugegraphhttpsgithubcomapachehugegraph-主仓库-serverpdstore><a
href=https://github.com/apache/hugegraph>HugeGraph</a> 主仓库
(Server/PD/Store)</a></li><li><a
href=#hugegraph-toolchainhttpsgithubcomapachehugegrap [...]
-或是 <code>HugeGraph-Dev</code> 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。</p><p>独立的安全邮件 (组)
地址为:
<code>[email protected]</code></p><p>安全漏洞处理大体流程如下:</p><ul><li>报告人私下向
Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等)</li><li>HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 <code>CVE</code>
编号予以登记)</li><li>项目创建一个新版本的受漏洞影响的软件包,以提供修复程序</li><li>合适的时间可公开漏洞的大体问题 &
描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息)</li><li>正式的 CVE 发布及相关流程同 ASF-SEC
页面</li></ul><h2 id=已发现的安全漏洞-cves>已发现的安全漏洞 (CVEs)</h2><h3 id [...]
+或是 <code>HugeGraph-Dev</code> 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。</p><p>独立的安全邮件 (组)
地址为:
<code>[email protected]</code></p><p>安全漏洞处理大体流程如下:</p><ul><li>报告人私下向
Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等)</li><li>HugeGraph
项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 <code>CVE</code>
编号予以登记)</li><li>项目创建一个新版本的受漏洞影响的软件包,以提供修复程序</li><li>合适的时间可公开漏洞的大体问题 &
描述如何应用修复程序 (遵循 ASF 规范,公告中不应携带复现细节等敏感信息)</li><li>正式的 CVE 发布及相关流程同 ASF-SEC
页面</li></ul><h2 id=已发现的安全漏洞-cves>已发现的安全漏洞 (CVEs)</h2><h3 id [...]
<script src=/js/bootstrap.min.js></script>
<script src=/js/mermaid.min.js></script>
<script src=/js/tabpane-persist.js></script>
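Review bot: the same flattened page text, including the whole CVE list, is rewritten three times at the top of this hunk (the value ending before `<meta property="og:type"`, the one ending before `<meta itemprop=dateModifie`, and the one ending before `<link rel=preload`), so every new CVE entry churns three meta descriptions. Setting an explicit `description` in the front matter of the cn security.md would keep these tags short and stable, and would stop the CVE list from being used as the page summary.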
diff --git a/cn/sitemap.xml b/cn/sitemap.xml
index f682cedf..0a7b4669 100644
--- a/cn/sitemap.xml
+++ b/cn/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>/cn/docs/clients/restful-api/graphspace/</loc><lastmod>2025-11-26T19:15:48+08:00</lastmod><xhtml:link
rel="alternate" hreflang="en"
href="/docs/clients/restful-api/graphspace/"/><xhtml:link rel="alternate"
hreflang="cn"
href="/cn/docs/clients/restful-api/graphspace/"/></url><url><loc>/cn/docs/language/hugegraph-gremlin/</l
[...]
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>/cn/docs/clients/restful-api/graphspace/</loc><lastmod>2025-11-26T19:15:48+08:00</lastmod><xhtml:link
rel="alternate" hreflang="en"
href="/docs/clients/restful-api/graphspace/"/><xhtml:link rel="alternate"
hreflang="cn"
href="/cn/docs/clients/restful-api/graphspace/"/></url><url><loc>/cn/docs/language/hugegraph-gremlin/</l
[...]
\ No newline at end of file
diff --git a/docs/_print/index.html b/docs/_print/index.html
index 9808fdf8..b04abf06 100644
--- a/docs/_print/index.html
+++ b/docs/_print/index.html
@@ -9129,7 +9129,7 @@ Merging mode as needed, and when the Restore is
completed, restore the graph mod
</span></span><span style=display:flex><span>& | %26
</span></span><span style=display:flex><span>= | %3D
</span></span></code></pre></div></li><li><p>Timeout when querying vertices or
edges of a certain category (<code>query by label</code>)</p><p>Since the
amount of data belonging to a certain label may be relatively large, please add
a limit limit.</p></li><li><p>It is possible to operate the graph through the
<code>RESTful API</code>, but when sending <code>Gremlin</code> statements, an
error is reported: <code>Request Failed(500)</code></p><p>It may be that the
configuration of <code>Gr [...]
-Regular software <code>Bug/Error</code> reports should be directed to
<code>Github Issue/Discussion</code> or the <code>HugeGraph-Dev</code> email
group. Emails sent to the security list that are unrelated to security issues
will be ignored.</p><p>The independent security email (group) address is:
<code>[email protected]</code></p><p>The general process for
handling security vulnerabilities is as follows:</p><ul><li>The reporter
privately reports the vulnerability to the Apac [...]
+Regular software <code>Bug/Error</code> reports should be directed to
<code>Github Issue/Discussion</code> or the <code>HugeGraph-Dev</code> email
group. Emails sent to the security list that are unrelated to security issues
will be ignored.</p><p>The independent security email (group) address is:
<code>[email protected]</code></p><p>The general process for
handling security vulnerabilities is as follows:</p><ul><li>The reporter
privately reports the vulnerability to the Apac [...]
</span></span><span style=display:flex><span>
</span></span><span style=display:flex><span><span
style=color:#000>schema</span><span
style=color:#ce5c00;font-weight:700>.</span><span
style=color:#c4a000>propertyKey</span><span
style=color:#ce5c00;font-weight:700>(</span><span
style=color:#4e9a06>"name"</span><span
style=color:#ce5c00;font-weight:700>).</span><span
style=color:#c4a000>asText</span><span
style=color:#ce5c00;font-weight:700>().</span><span
style=color:#c4a000>ifNotExist</span><span style=color:#ce5c00;font-weig [...]
</span></span><span style=display:flex><span><span
style=color:#000>schema</span><span
style=color:#ce5c00;font-weight:700>.</span><span
style=color:#c4a000>propertyKey</span><span
style=color:#ce5c00;font-weight:700>(</span><span
style=color:#4e9a06>"age"</span><span
style=color:#ce5c00;font-weight:700>).</span><span
style=color:#c4a000>asInt</span><span
style=color:#ce5c00;font-weight:700>().</span><span
style=color:#c4a000>ifNotExist</span><span style=color:#ce5c00;font-weight [...]
diff --git a/docs/guides/_print/index.html b/docs/guides/_print/index.html
index 408131f9..59512a81 100644
--- a/docs/guides/_print/index.html
+++ b/docs/guides/_print/index.html
@@ -513,7 +513,7 @@ Merging mode as needed, and when the Restore is completed,
restore the graph mod
</span></span><span style=display:flex><span>& | %26
</span></span><span style=display:flex><span>= | %3D
</span></span></code></pre></div></li><li><p>Timeout when querying vertices or
edges of a certain category (<code>query by label</code>)</p><p>Since the
amount of data belonging to a certain label may be relatively large, please add
a limit limit.</p></li><li><p>It is possible to operate the graph through the
<code>RESTful API</code>, but when sending <code>Gremlin</code> statements, an
error is reported: <code>Request Failed(500)</code></p><p>It may be that the
configuration of <code>Gr [...]
-Regular software <code>Bug/Error</code> reports should be directed to
<code>Github Issue/Discussion</code> or the <code>HugeGraph-Dev</code> email
group. Emails sent to the security list that are unrelated to security issues
will be ignored.</p><p>The independent security email (group) address is:
<code>[email protected]</code></p><p>The general process for
handling security vulnerabilities is as follows:</p><ul><li>The reporter
privately reports the vulnerability to the Apac [...]
+Regular software <code>Bug/Error</code> reports should be directed to
<code>Github Issue/Discussion</code> or the <code>HugeGraph-Dev</code> email
group. Emails sent to the security list that are unrelated to security issues
will be ignored.</p><p>The independent security email (group) address is:
<code>[email protected]</code></p><p>The general process for
handling security vulnerabilities is as follows:</p><ul><li>The reporter
privately reports the vulnerability to the Apac [...]
<script src=/js/bootstrap.min.js></script>
<script src=/js/mermaid.min.js></script>
<script src=/js/tabpane-persist.js></script>
diff --git a/docs/guides/index.xml b/docs/guides/index.xml
index ac73979c..0f2a1663 100644
--- a/docs/guides/index.xml
+++ b/docs/guides/index.xml
@@ -1028,6 +1028,8 @@ Regular software <code>Bug/Error</code> reports
should be directed to <
<ul>
<li><a
href="https://www.cve.org/CVERecord?id=CVE-2024-27348">CVE-2024-27348</a>:
HugeGraph-Server - Command execution in gremlin</li>
<li><a
href="https://www.cve.org/CVERecord?id=CVE-2024-27349">CVE-2024-27349</a>:
HugeGraph-Server - Bypass whitelist in Auth mode</li>
+<li><a
href="https://www.cve.org/CVERecord?id=CVE-2024-43441">CVE-2024-43441</a>:
HugeGraph-Server - Fixed JWT Token (Secret)</li>
+<li><a
href="https://www.cve.org/CVERecord?id=CVE-2025-26866">CVE-2025-26866</a>:
HugeGraph-Server - RAFT and deserialization vulnerability</li>
</ul>
<h3
id="hugegraph-toolchain-project-hubbleloaderclienttools">HugeGraph-Toolchain
project (Hubble/Loader/Client/Tools/..)</h3>
<ul>
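Review bot: the two added list items give only a CVE link and a short title, with no affected or fixed version, so a reader has to leave the page to find out whether a deployment needs upgrading. Consider adding the fixed release to each item in security.md, and stating the impact in "RAFT and deserialization vulnerability" as the neighbouring titles do (command execution, whitelist bypass).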
diff --git a/docs/guides/security/index.html b/docs/guides/security/index.html
index 08ff4372..95ff41ef 100644
--- a/docs/guides/security/index.html
+++ b/docs/guides/security/index.html
@@ -1,9 +1,9 @@
<!doctype html><html lang=en class=no-js><head><meta charset=utf-8><meta
name=viewport
content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta
http-equiv=content-security-policy content="script-src 'self' 'unsafe-inline';
script-src-elem 'self' 'unsafe-inline' https://code.jquery.com
https://cdn.jsdelivr.net https://fonts.googleapis.com;"><meta name=generator
content="Hugo 0.102.3"><meta name=robots content="index, follow"><link
rel="shortcut icon" href=/favicons/favicon.ico> [...]
Adhering to the specifications of ASF, the HugeGraph community maintains a
highly proactive and …"><meta property="og:title" content="Security
Report"><meta property="og:description" content="Reporting New Security
Problems with Apache HugeGraph Adhering to the specifications of ASF, the
HugeGraph community maintains a highly proactive and open attitude towards
addressing security issues in the remediation projects.
We strongly recommend that users first report such issues to our dedicated
security email list, with detailed procedures specified in the ASF SEC code of
conduct.
-Please note that the security email group is reserved for reporting
undisclosed security vulnerabilities and following up on the vulnerability
resolution process."><meta property="og:type" content="article"><meta
property="og:url" content="/docs/guides/security/"><meta
property="article:section" content="docs"><meta
property="article:modified_time" content="2025-10-24T14:59:37+08:00"><meta
property="og:site_name" content="HugeGraph"><meta itemprop=name
content="Security Report"><meta ite [...]
+Please note that the security email group is reserved for reporting
undisclosed security vulnerabilities and following up on the vulnerability
resolution process."><meta property="og:type" content="article"><meta
property="og:url" content="/docs/guides/security/"><meta
property="article:section" content="docs"><meta
property="article:modified_time" content="2025-12-12T16:27:47+08:00"><meta
property="og:site_name" content="HugeGraph"><meta itemprop=name
content="Security Report"><meta ite [...]
We strongly recommend that users first report such issues to our dedicated
security email list, with detailed procedures specified in the ASF SEC code of
conduct.
-Please note that the security email group is reserved for reporting
undisclosed security vulnerabilities and following up on the vulnerability
resolution process."><meta itemprop=dateModified
content="2025-10-24T14:59:37+08:00"><meta itemprop=wordCount
content="283"><meta itemprop=keywords content><meta name=twitter:card
content="summary"><meta name=twitter:title content="Security Report"><meta
name=twitter:description content="Reporting New Security Problems with Apache
HugeGraph Adheri [...]
+Please note that the security email group is reserved for reporting
undisclosed security vulnerabilities and following up on the vulnerability
resolution process."><meta itemprop=dateModified
content="2025-12-12T16:27:47+08:00"><meta itemprop=wordCount
content="297"><meta itemprop=keywords content><meta name=twitter:card
content="summary"><meta name=twitter:title content="Security Report"><meta
name=twitter:description content="Reporting New Security Problems with Apache
HugeGraph Adheri [...]
We strongly recommend that users first report such issues to our dedicated
security email list, with detailed procedures specified in the ASF SEC code of
conduct.
Please note that the security email group is reserved for reporting
undisclosed security vulnerabilities and following up on the vulnerability
resolution process."><link rel=preload
href=/scss/main.min.3276a99ddd5b15fbe3fcf20f8237086c2cbb526b572f4f06a2246fa9279ed395.css
as=style><link
href=/scss/main.min.3276a99ddd5b15fbe3fcf20f8237086c2cbb526b572f4f06a2246fa9279ed395.css
rel=stylesheet integrity><script src=/js/jquery.min.js></script>
<link rel=stylesheet
href=/css/prism.css><script>document.addEventListener("DOMContentLoaded",function(){var
t=document.querySelectorAll("pre code.language-mermaid, code.language-mermaid,
pre code.language-fallback,
code.language-fallback"),e=[];t.forEach(function(t){var
n=t.textContent.trim();(n.match(/^(graph|flowchart|sequenceDiagram|classDiagram|pie|gitgraph|erDiagram|journey|gantt|stateDiagram|mindmap|timeline|quadrantChart)/m)||n.includes("-->")||n.includes("->")||n.includes("style
[...]
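Review bot: not introduced by this change, but the first context line of this hunk carries a meta content-security-policy with `script-src 'self' 'unsafe-inline'`, and the inline `document.addEventListener("DOMContentLoaded", ...)` script in the last context line is what depends on it. With 'unsafe-inline' allowed the policy does not block injected inline script; moving that mermaid bootstrap into a file under /js/ would let the directive drop it. On the changed lines themselves, the modified_time update and the wordCount change from 283 to 297 appear in both the og and itemprop tags and agree with each other.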
@@ -12,7 +12,7 @@ Please note that the security email group is reserved for
reporting undisclosed
<a
href="https://github.com/apache/incubator-hugegraph-doc/issues/new?title=Security%20Report"
class=td-page-meta--issue target=_blank rel=noopener><i class="fab fa-github
fa-fw"></i> Create documentation issue</a>
<a href=https://github.com/apache/incubator-hugegraph/issues/new
class=td-page-meta--project-issue target=_blank rel=noopener><i class="fas
fa-tasks fa-fw"></i> Create project issue</a>
<a id=print href=/docs/guides/_print/><i class="fa fa-print fa-fw"></i> Print
entire section</a></div><div class=td-toc><nav id=TableOfContents><ul><li><a
href=#reporting-new-security-problems-with-apache-hugegraph>Reporting New
Security Problems with Apache HugeGraph</a></li><li><a
href=#known-security-vulnerabilities-cves>Known Security Vulnerabilities
(CVEs)</a><ul><li><a href=#hugegraph-main-project-serverpdstore>HugeGraph main
project (Server/PD/Store)</a></li><li><a href=#hugegraph [...]
-Regular software <code>Bug/Error</code> reports should be directed to
<code>Github Issue/Discussion</code> or the <code>HugeGraph-Dev</code> email
group. Emails sent to the security list that are unrelated to security issues
will be ignored.</p><p>The independent security email (group) address is:
<code>[email protected]</code></p><p>The general process for
handling security vulnerabilities is as follows:</p><ul><li>The reporter
privately reports the vulnerability to the Apac [...]
+Regular software <code>Bug/Error</code> reports should be directed to
<code>Github Issue/Discussion</code> or the <code>HugeGraph-Dev</code> email
group. Emails sent to the security list that are unrelated to security issues
will be ignored.</p><p>The independent security email (group) address is:
<code>[email protected]</code></p><p>The general process for
handling security vulnerabilities is as follows:</p><ul><li>The reporter
privately reports the vulnerability to the Apac [...]
<script src=/js/bootstrap.min.js></script>
<script src=/js/mermaid.min.js></script>
<script src=/js/tabpane-persist.js></script>
diff --git a/en/sitemap.xml b/en/sitemap.xml
index be68374a..0a4b0c36 100644
--- a/en/sitemap.xml
+++ b/en/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>/docs/guides/architectural/</loc><lastmod>2025-06-13T21:28:50+08:00</lastmod><xhtml:link
rel="alternate" hreflang="cn"
href="/cn/docs/guides/architectural/"/><xhtml:link rel="alternate"
hreflang="en"
href="/docs/guides/architectural/"/></url><url><loc>/docs/config/config-guide/</loc><lastmod>2025-12-04T18:43:05+08:00</last
[...]
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>/docs/guides/architectural/</loc><lastmod>2025-06-13T21:28:50+08:00</lastmod><xhtml:link
rel="alternate" hreflang="cn"
href="/cn/docs/guides/architectural/"/><xhtml:link rel="alternate"
hreflang="en"
href="/docs/guides/architectural/"/></url><url><loc>/docs/config/config-guide/</loc><lastmod>2025-12-04T18:43:05+08:00</last
[...]
\ No newline at end of file
diff --git a/sitemap.xml b/sitemap.xml
index 9c3adcef..75b34e24 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>/en/sitemap.xml</loc><lastmod>2025-12-11T16:04:44+08:00</lastmod></sitemap><sitemap><loc>/cn/sitemap.xml</loc><lastmod>2025-12-11T16:04:44+08:00</lastmod></sitemap></sitemapindex>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>/en/sitemap.xml</loc><lastmod>2025-12-12T16:27:47+08:00</lastmod></sitemap><sitemap><loc>/cn/sitemap.xml</loc><lastmod>2025-12-12T16:27:47+08:00</lastmod></sitemap></sitemapindex>
\ No newline at end of file
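Review bot: both the removed and the added line use site-relative paths in `<loc>/en/sitemap.xml</loc>` and `<loc>/cn/sitemap.xml</loc>`, and the language sitemaps earlier in this push do the same, whereas the sitemap protocol expects fully qualified URLs in loc. This is probably the site build running without an absolute base URL (an assumption, the build configuration is not shown here); worth fixing in the generator rather than in this file. The lastmod change itself is the only difference and is fine.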