Security fixes
A list of security problems that have been addressed in this release.
- ENG-771: Updated system dependencies to resolve CVE-2026-3805.
- ENG-809: Resolved an inconsistency between Alert Playbooks user interface (UI) behavior and RBAC enforcement.
- ENG-943: Updated system dependencies to solve CVE-2025-69720.
- ENG-992: Updated system dependencies to resolve:
- ENG-1016: Updated dependencies to solve CVE-2026-33671.
- ENG-1051: Arc can now be deployed using Windows Remote Management (WinRM) over hypertext transfer protocol secure (HTTPS) on port 5986/transmission control protocol (TCP).
- ENG-1104: Updated dependencies to solve CVE-2026-4800.
- ENG-1131: Updated dependencies to solve:
- ENG-1151: Updated dependencies to solve:
- ENG-1209: Upgraded the OpenSSL version in the container edition to address the following vulnerabilities:
- ENG-1226: Updated dependencies to solve CVE-2026-39324.
- ENG-1227: Updated dependencies to solve CVE-2026-35611.
- ENG-1237: Updated dependencies to solve:
- ENG-1348: Fixed multiple vulnerabilities in Nginx:
- ENG-1433: Improved the robustness of Smart Polling when it handles malformed network responses.
- ENG-1547: Updated dependencies to solve CVE-2026-41316.
- ENG-1549: Updated system dependencies to resolve:
- ENG-1866: Updated dependencies to solve CVE-2026-41907.
- ENG-1894: Updated operating system (OS) dependencies to address vulnerabilities:
- ENG-1990: Updated dependencies to address CVE-2026-45363.
- ENG-1991: Updated system dependencies to resolve:
- ENG-2020: Updated dependencies to address CVE-2026-9256.