3.6.4 — Security fixes

Fixes provided in 3.6.4

32 CVE(s) fixed compared to the previous release.

Service CVE Severity Package Previously affected
admin-center CVE-2026-44249 HIGH netty-handler 3.6.2
admin-center CVE-2026-45416 HIGH netty-handler 3.6.2
admin-center CVE-2026-45674 HIGH netty-resolver-dns 3.6.2
admin-center CVE-2026-47691 HIGH netty-resolver-dns 3.6.2
admin-center CVE-2026-50010 HIGH netty-handler 3.6.3
ai-service CVE-2026-45447 HIGH libssl3t64 3.6.3.1
ai-service GHSA-537c-gmf6-5ccf HIGH cryptography 3.6.3.1
analysis-node CVE-2026-45591 HIGH Microsoft.AspNetCore.App.Runtime.linux-x64 3.6.3_core8.4.10
etl-service CVE-2026-42504 HIGH stdlib 3.6.3
etl-service CVE-2026-45447 HIGH libcrypto3 3.6.3.1
gateway CVE-2026-44249 HIGH netty-handler 3.6.2
gateway CVE-2026-45416 HIGH netty-handler 3.6.2
gateway CVE-2026-45674 HIGH netty-resolver-dns 3.6.2
gateway CVE-2026-47691 HIGH netty-resolver-dns 3.6.2
gateway CVE-2026-50010 HIGH netty-handler 3.6.3
imaging-apis CVE-2026-42504 HIGH stdlib 3.6.3
imaging-apis CVE-2026-45447 HIGH libcrypto3 3.6.3.1
neo4j CVE-2026-42504 HIGH stdlib 3.6.2
neo4j CVE-2026-45447 HIGH libssl3t64 3.6.2
sso-service CVE-2026-44249 HIGH netty-handler 3.6.2
sso-service CVE-2026-44893 HIGH netty-codec-haproxy 3.6.2
sso-service CVE-2026-45416 HIGH netty-handler 3.6.2
sso-service CVE-2026-45674 HIGH netty-resolver-dns 3.6.2
sso-service CVE-2026-47691 HIGH netty-resolver-dns 3.6.2
sso-service CVE-2026-48059 HIGH netty-codec-haproxy 3.6.2
sso-service CVE-2026-50010 HIGH netty-handler 3.6.3
sso-service CVE-2026-7307 HIGH keycloak-saml-core 3.6.2
sso-service CVE-2026-7504 HIGH keycloak-services 3.6.2
sso-service CVE-2026-7507 HIGH keycloak-services 3.6.2
sso-service CVE-2026-7571 HIGH keycloak-services 3.6.2
viewer CVE-2026-42504 HIGH stdlib 3.6.3
viewer CVE-2026-45447 HIGH libcrypto3 3.6.3.1

Pre-existing — assessed

The following CVEs were present in this release and assessed as not requiring an immediate fix. See Security Advisories for up-to-date status.

No CVEs assessed in this release.