• Rucio Security releases due to two SQL injections
  • SQL Injection in FilterEngine Oracle JSON Path via DID Search API (GHSA-vjr5-c9qv-hgm3, CVE-2026-29080)
    • Only ATLAS & CMS affected, hotfixed in the last weeks
  • SQL Injection in External PostgreSQL Metadata Plugin via DID Search API (GHSA-6j7p-qjhg-9947, CVE-2026-29090)
    • Affects the EXTERNAL postgres metadata plugin
  • Fixed in
    • 35 LTS -> 35.8.5
    • 38 LTS -> 38.5.5
    • 39 -> 39.4.2
    • 40 -> 40.1.1
  • Please update!
• No meeting next week (Ascension day)