Hello Apache Geode Developer Community, The 1.15.4 release is underway, targeting two security fixes that have already been merged to the support/1.15 branch. Below is a draft of the release notes for your review.
Please take a look and let us know if anything should be added, corrected, or reworded. Thank you for your continued support and contributions. ================ BEGIN OF RELEASE NOTE ============== This maintenance release addresses security vulnerabilities in Log4j and Jackson dependencies. Highlights -Log Injection Remediation: Addressed CVE-2026-34478 - Improper Output Neutralization for Logs in Log4j Rfc5424Layout via CRLF injection (GEODE-10580 #8006) -Denial-of-Service Remediation: Resolved allocation of resources without limits or throttling in Jackson Core that allowed oversized JSON documents to bypass document length limits (GEODE-10576 #8003) ================== END OF RELEASE NOTE ============== Best regards, Jinwoo Hwang (he/him/his) SASĀ® Research and Development http://JinwooHwang.com<http://jinwoohwang.com/>
