[ClusterLabs] Pacemaker 2.1.11-rc1 now available
Chris Lumens
clumens at redhat.com
Tue Jun 23 20:17:22 UTC 2026
Hi all,
I am happy to announce that the source code for the first release
candidate for Pacemaker version 2.1.11 is now available at:
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.1.11-rc1
This release includes an important security fix for CVE-2026-10649
(https://github.com/advisories/GHSA-94r4-qcg7-69qj).
In order to be vulnerable to this problem, you must:
* Enable remote-clear-port or remote-tls-port on your cluster nodes.
These are disabled by default.
* Have that port opened and visible to an attacker - this could either
be because the cluster node is accessible from the outside world, or an
admin system that can access the cluster is compromised.
For more details about changes in this release, please see the change log:
https://github.com/ClusterLabs/pacemaker/blob/2.1/ChangeLog
Everyone is encouraged to download, compile, and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.
I expect to make the final 2.1.11 release in about a week, and a
3.0.3-rc1 release to include this fix (and various others) very soon as
well.
- Chris
More information about the Users
mailing list