Warning: In correlation with the end of life (EOL) date for MSR 3.1.x, Mirantis stopped maintaining this documentation version as of 2025-09-27. The latest MSR product documentation is available here.

Security information

Updated the following middleware component versions to resolve vulnerabilities in MSR:

  • [ENGDTR-4360] Golang 1.23.6

  • [ENGDTR-4382] Alpine Linux 3.18.12

Resolved CVEs, as detailed:

CVE

Status

Problem details from upstream

CVE-2025-26519

Resolved

usl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.