Hello Quy,

This email went to [email protected] (a public list) and [email protected] (a private list). We have a general policy to avoid threads spanning both public and private lists, as it increases the risk of accidentally disclosing private information.

In this case there is no private information in your email (the issue is disclosed, after all), so [email protected] was the correct list and there's no harm done - no worries. Please drop [email protected] from the rest of the thread, though. Thanks!

Kind regards,

Arnout Engelen
ASF Security

On Wed, May 27, 2026 at 5:12 AM Quy Luc <[email protected]> wrote:
>
> Hello Apache Ignite Team,
>
> And a special hello to zhattatey — we noticed your name in the credit of
> the CVE record, and we appreciate your responsible disclosure of this issue.
>
> We are currently assessing the impact of CVE-2024-52577 on our Apache
> Ignite 2.16.0 deployment and planning our remediation approach.
>
> The official advisory states that the vulnerability affects "some Ignite
> endpoints" where configured Class Serialization Filters are ignored.
> However, the advisory does not enumerate which specific endpoints are
> within scope. We would greatly appreciate an official clarification on the
> following:
>
> 1. Could you provide a complete list of the Ignite endpoints confirmed to
> be affected by this vulnerability?
>
> 2. For example, we would like to understand whether endpoints beyond the
> Thin Client interface (port 10800) are included — such as the Discovery SPI
> endpoint or any other internal communication endpoints.
>
> 3. As a temporary measure prior to upgrading to 2.17.0, we have enabled
> authentication on the Thin Client interface. Would this be considered
> sufficient mitigation, or are there other affected endpoints that require
> additional controls?
>
> A clear and complete list of affected endpoints would help us accurately
> assess our exposure and prioritize our remediation efforts.
>
> Thank you both for your time. We look forward to your response.
>
> Best regards
>
