Maven package
org.apache.polaris/polaris-runtime-service
pkg:maven/org.apache.polaris/polaris-runtime-service
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42812 | Cri | 9.9 | < 1.4.1 | 1.4.1 | May 4, 2026 | In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table alr | |
| CVE-2026-42809 | Cri | 9.9 | < 1.4.1 | 1.4.1 | May 4, 2026 | Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but th |
- affected < 1.4.1fixed 1.4.1
In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table alr
- affected < 1.4.1fixed 1.4.1
Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but th