Apache Geode version 2.0.1 focuses on critical security vulnerability remediations and dependency updates to ensure the ongoing stability and security of the platform.
Highlights
-
Critical Security Patches: Remediated CVE-2024-12798, CVE-2024-12801, CVE-2025-11226, and CVE-2026-1225 (GEODE-10555 #7982)
-
Vulnerability Remediation: Addressed CVE-2025-68161 to protect against a man-in-the-middle attack (GEODE-10543 #7975)
-
Security Remediation: Resolved CVE-2026-23903 to remediate Authentication Bypass (GEODE-10559 #7986)
-
Denial of Service Remediation: Fixed Allocation of Resources Without Limits or Throttling (GEODE-10565 #7990)
-
Security by-pass and DoS Remediation: Resolved CVE-2026-1605 and CVE-2025-11143 (GEODE-10568 #7992)
-
EndpointRequest Security Fix: Remediated CVE-2025-22235 (GEODE-10572 #7993)
See full release notes at https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-2.0.1