[ClusterLabs] Pacemaker 2.1.11-rc1 now available

Chris Lumens clumens at redhat.com
Tue Jun 23 20:17:22 UTC 2026


Hi all,

I am happy to announce that the source code for the first release
candidate for Pacemaker version 2.1.11 is now available at:

https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.1.11-rc1

This release includes an important security fix for CVE-2026-10649 
(https://github.com/advisories/GHSA-94r4-qcg7-69qj).

In order to be vulnerable to this problem, you must:

* Enable remote-clear-port or remote-tls-port on your cluster nodes. 
These are disabled by default.

* Have that port opened and visible to an attacker - this could either 
be because the cluster node is accessible from the outside world, or an 
admin system that can access the cluster is compromised.

For more details about changes in this release, please see the change log:

https://github.com/ClusterLabs/pacemaker/blob/2.1/ChangeLog

Everyone is encouraged to download, compile, and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.

I expect to make the final 2.1.11 release in about a week, and a 
3.0.3-rc1 release to include this fix (and various others) very soon as 
well.

- Chris



More information about the Users mailing list