With the upcoming end-of-life (EOL) of MSR 3.1.x, Mirantis encourages you to upgrade to the latest supported version to ensure continued support and security updates.

Security information

Updated the following middleware component versions to resolve vulnerabilities in MSR:

  • [ENGDTR-4360] Golang 1.23.6

  • [ENGDTR-4382] Alpine Linux 3.18.12

Resolved CVEs, as detailed:

CVE

Status

Problem details from upstream

CVE-2025-26519

Resolved

usl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.