Skip to content

docs: add security notice for CVE-2026-26278#8153

Draft
Skaiir wants to merge 1 commit intomainfrom
fast-xml-parser-cve-2-notice
Draft

docs: add security notice for CVE-2026-26278#8153
Skaiir wants to merge 1 commit intomainfrom
fast-xml-parser-cve-2-notice

Conversation

@Skaiir
Copy link
Contributor

@Skaiir Skaiir commented Mar 5, 2026
edited by wollefitz
Loading

Description

Closes https://github.com/camunda/camunda-hub/issues/21386

When should this change go live?

  • This is a bug fix, security concern, or something that needs urgent release support. (add bug or support label)
  • This is already available but undocumented and should be released within a week. (add available & undocumented label)
  • This is on a specific schedule and the assignee will coordinate a release with the Documentation team. (create draft PR and/or add hold label)
  • This is part of a scheduled alpha or minor. (add alpha or minor label) -> To merge when all 3 are released.
  • There is no urgency with this change (add low prio label)

PR Checklist

  • My changes are for an upcoming minor release and are in the /docs directory (version 8.9).
  • My changes are for an already released minor and are in a /versioned_docs directory.

@Skaiir Skaiir requested a review from wollefitz March 5, 2026 14:10
@Skaiir Skaiir added 8.8.9 Scheduled for the 8.8.9 patch release 8.7.17 8.6.26 labels Mar 5, 2026
wollefitz
wollefitz reviewed Mar 5, 2026
View reviewed changes
docs/reference/notices.md
Comment on lines +64 to +65
- [CVE-2025-66614](https://nvd.nist.gov/vuln/detail/CVE-2025-66614)
- [CVE-2026-24734](https://nvd.nist.gov/vuln/detail/CVE-2026-24734)
Copy link
Member

@wollefitz wollefitz Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Skaiir This change is unrelated to the new security notice.

wollefitz
wollefitz reviewed Mar 5, 2026
View reviewed changes
docs/reference/notices.md
Comment on lines +71 to +72
- C7 to C8 Migration Tooling 0.2.0 **AND**
- the Diagram Converter Webapp
Copy link
Member

@wollefitz wollefitz Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Skaiir This change is unrelated to the new security notice.

wollefitz
wollefitz requested changes Mar 5, 2026
View reviewed changes
Copy link
Member

@wollefitz wollefitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, one small remark

@wollefitz wollefitz added CVE This is for any security notice PR related to a CVE fix component:web-modeler-sm Issues related with Web Modeler Self-Managed labels Mar 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wollefitz wollefitz wollefitz requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@Skaiir Skaiir

Labels

8.6.26 8.7.17 8.8.9 Scheduled for the 8.8.9 patch release component:web-modeler-sm Issues related with Web Modeler Self-Managed CVE This is for any security notice PR related to a CVE fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Skaiir @wollefitz